projects / kconfig-hardened-check.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (from parent 1: 0d5c56f)
Don't mention LKDTM
authorAlexander Popov <alex.popov@linux.com>
Thu, 21 Jul 2022 06:27:47 +0000 (09:27 +0300)
committerAlexander Popov <alex.popov@linux.com>
Thu, 21 Jul 2022 06:39:17 +0000 (09:39 +0300)
I can't recommend disabling it, because LKDTM is used to test the kernel
hardening features.

But I cant recommend enabling it, because LKDTM contains intentional
memory corruption errors. It's not for production systems.

So let's simply drop the comment about LKDTM.

kconfig_hardened_check/__init__.py patch | blob | history

diff --git a/kconfig_hardened_check/__init__.py b/kconfig_hardened_check/__init__.py
index 4c6353f8707203979a4de3a84df0e2f6afcdfe16..3daddcbdaba5a860789ffacf1366c7dc49efbae6 100644 (file)
--- a/kconfig_hardened_check/__init__.py
+++ b/kconfig_hardened_check/__init__.py
@@ -639,8 +639,6 @@ def add_kconfig_checks(l, arch):
     if arch in ('X86_32', 'ARM'):
         l += [KconfigCheck('harden_userspace', 'my', 'ARCH_MMAP_RND_BITS', '16')]
 
-#   l += [KconfigCheck('feature_test', 'my', 'LKDTM', 'm')] # only for debugging!
-
 
 def add_cmdline_checks(l, arch):
     # Calling the CmdlineCheck class constructor:
kconfig-hardened-check