Add the CONFIG_N_GSM check

author Alexander Popov <alex.popov@linux.com>

Sun, 7 Jul 2024 13:49:47 +0000 (16:49 +0300)

committer Alexander Popov <alex.popov@linux.com>

Sun, 7 Jul 2024 13:49:47 +0000 (16:49 +0300)
author Alexander Popov <alex.popov@linux.com>
Sun, 7 Jul 2024 13:49:47 +0000 (16:49 +0300)
committer Alexander Popov <alex.popov@linux.com>
Sun, 7 Jul 2024 13:49:47 +0000 (16:49 +0300)
diff --git a/kernel_hardening_checker/checks.py b/kernel_hardening_checker/checks.py

index faf2aa275340b46cca447100af5578144e302e58..b8cc895be0fe2ef7784500494fae936526106b6c 100755 (executable)
--- a/kernel_hardening_checker/checks.py
+++ b/kernel_hardening_checker/checks.py
@@ -386,6 +386,8 @@ def add_kconfig_checks(l: List[ChecklistObjType], arch: str) -> None:
      l += [KconfigCheck('cut_attack_surface', 'maintainer', 'BLK_DEV_FD_RAWCMD', 'is not set')] # recommended by Denis Efremov in /pull/62
      l += [KconfigCheck('cut_attack_surface', 'maintainer', 'NOUVEAU_LEGACY_CTX_SUPPORT', 'is not set')]
                                              # recommended by Dave Airlie in kernel commit b30a43ac7132cdda
+    l += [KconfigCheck('cut_attack_surface', 'maintainer', 'N_GSM', 'is not set')]
+                                            # recommended by Greg KH at https://www.openwall.com/lists/oss-security/2024/04/17/1
  
      # 'cut_attack_surface', 'clipos'
      l += [KconfigCheck('cut_attack_surface', 'clipos', 'STAGING', 'is not set')]
author	Alexander Popov <alex.popov@linux.com>
	Sun, 7 Jul 2024 13:49:47 +0000 (16:49 +0300)
committer	Alexander Popov <alex.popov@linux.com>
	Sun, 7 Jul 2024 13:49:47 +0000 (16:49 +0300)