Add Grsecurity recommendation on BINFMT_AOUT

author Loïc <4661917+HacKurx@users.noreply.github.com>

Wed, 18 Jul 2018 18:34:28 +0000 (20:34 +0200)

committer Alexander Popov <alex.popov@linux.com>

Fri, 20 Jul 2018 17:45:44 +0000 (20:45 +0300)
author Loïc <4661917+HacKurx@users.noreply.github.com>
Wed, 18 Jul 2018 18:34:28 +0000 (20:34 +0200)
committer Alexander Popov <alex.popov@linux.com>
Fri, 20 Jul 2018 17:45:44 +0000 (20:45 +0300)
diff --git a/kconfig-hardened-check.py b/kconfig-hardened-check.py

index ac2644fefd4caff44298958b669033a045a7ded6..30f3d1770ccc7b9e6fd80b0a93c0b0b3a5dccc71 100755 (executable)
--- a/kconfig-hardened-check.py
+++ b/kconfig-hardened-check.py
@@ -112,6 +112,7 @@ def construct_opt_checks():
      checklist.append(OptCheck('ZSMALLOC_STAT',        'is not set', 'ubuntu18', 'cut_attack_surface'))
      checklist.append(OptCheck('PAGE_OWNER',           'is not set', 'ubuntu18', 'cut_attack_surface'))
      checklist.append(OptCheck('DEBUG_KMEMLEAK',       'is not set', 'ubuntu18', 'cut_attack_surface'))
+    checklist.append(OptCheck('BINFMT_AOUT',          'is not set', 'ubuntu18', 'cut_attack_surface'))
  
      checklist.append(OptCheck('IO_STRICT_DEVMEM',     'y', 'kspp', 'cut_attack_surface'))
      checklist.append(OptCheck('LEGACY_VSYSCALL_NONE', 'y', 'kspp', 'cut_attack_surface')) # 'vsyscall=none'
author	Loïc <4661917+HacKurx@users.noreply.github.com>
	Wed, 18 Jul 2018 18:34:28 +0000 (20:34 +0200)
committer	Alexander Popov <alex.popov@linux.com>
	Fri, 20 Jul 2018 17:45:44 +0000 (20:45 +0300)