projects
/
kconfig-hardened-check.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
(from parent 1:
7496355
)
Merge branch 'shstk'
author
Alexander Popov
<alex.popov@linux.com>
Wed, 17 Apr 2024 16:27:42 +0000
(19:27 +0300)
committer
Alexander Popov
<alex.popov@linux.com>
Wed, 17 Apr 2024 16:27:42 +0000
(19:27 +0300)
Refers to #114, #120
Thanks, @jvoisin.
kernel_hardening_checker/checks.py
patch
|
blob
|
history
diff --git
a/kernel_hardening_checker/checks.py
b/kernel_hardening_checker/checks.py
index 5aff75e221f792e5a6e9b2e6910025b7626eae95..5ec19cc5b7b7ad4a77a370d9c3671d579750eabd 100644
(file)
--- a/
kernel_hardening_checker/checks.py
+++ b/
kernel_hardening_checker/checks.py
@@
-407,6
+407,8
@@
def add_kconfig_checks(l, arch):
l += [KconfigCheck('harden_userspace', 'defconfig', 'VMSPLIT_3G', 'y')]
l += [KconfigCheck('harden_userspace', 'clipos', 'COREDUMP', 'is not set')]
l += [KconfigCheck('harden_userspace', 'a13xp0p0v', 'ARCH_MMAP_RND_BITS', 'MAX')] # 'MAX' value is refined using ARCH_MMAP_RND_BITS_MAX
+ if arch == 'X86_64':
+ l += [KconfigCheck('harden_userspace', 'a13xp0p0v', 'X86_USER_SHADOW_STACK', 'y')]
def add_cmdline_checks(l, arch):