projects
/
kconfig-hardened-check.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (parent:
99358d0
)
hardened_usercopy=1 is now officially recommended by KSPP
author
Alexander Popov
<alex.popov@linux.com>
Tue, 17 Oct 2023 05:35:00 +0000
(08:35 +0300)
committer
Alexander Popov
<alex.popov@linux.com>
Tue, 17 Oct 2023 05:35:00 +0000
(08:35 +0300)
kernel_hardening_checker/checks.py
patch
|
blob
|
history
diff --git
a/kernel_hardening_checker/checks.py
b/kernel_hardening_checker/checks.py
index a05b07f6cd68fd29ea5b7fc3630d755a396ebee9..2d9f8c99ccef311a4c4eed551cbf198ac070c572 100644
(file)
--- a/
kernel_hardening_checker/checks.py
+++ b/
kernel_hardening_checker/checks.py
@@
-475,7
+475,6
@@
def add_cmdline_checks(l, arch):
AND(CmdlineCheck('self_protection', 'kspp', 'page_poison', '1'),
KconfigCheck('self_protection', 'kspp', 'PAGE_POISONING_ZERO', 'y'),
CmdlineCheck('self_protection', 'kspp', 'slub_debug', 'P')))]
AND(CmdlineCheck('self_protection', 'kspp', 'page_poison', '1'),
KconfigCheck('self_protection', 'kspp', 'PAGE_POISONING_ZERO', 'y'),
CmdlineCheck('self_protection', 'kspp', 'slub_debug', 'P')))]
- # The cmdline checks compatible with the kconfig recommendations of the KSPP project...
l += [OR(CmdlineCheck('self_protection', 'kspp', 'hardened_usercopy', '1'),
AND(KconfigCheck('self_protection', 'kspp', 'HARDENED_USERCOPY', 'y'),
CmdlineCheck('self_protection', 'kspp', 'hardened_usercopy', 'is not set')))]
l += [OR(CmdlineCheck('self_protection', 'kspp', 'hardened_usercopy', '1'),
AND(KconfigCheck('self_protection', 'kspp', 'HARDENED_USERCOPY', 'y'),
CmdlineCheck('self_protection', 'kspp', 'hardened_usercopy', 'is not set')))]