From: Alexander Popov
Date: Fri, 20 Mar 2020 20:24:03 +0000 (+0300)
Subject: CopperheadOS disables the kernel's CONFIG_AIO feature
X-Git-Tag: v0.5.5~5
X-Git-Url: https://jxself.org/git/?a=commitdiff_plain;h=1e2a12519efdb70fd5456f08b1726eaa75d6913f;p=kconfig-hardened-check.git

CopperheadOS disables the kernel's CONFIG_AIO feature

It isn't used or exposed by the base system and is a dubious feature. It performs no better than thread pools and it can still block, along with having coverage of only a tiny portion of blocking system calls even when considering only commonly used system calls for IO. There are no known compatibility issues caused by having this disabled. Since this is such a dubious niche feature, it's also very poorly tested and it doesn't get much attention. Proposed improvements have been blocked based on the concern that POSIX AIO is such a bad interface that trying to improve/extend it would be harmful. Following the lead of CopperheadOS on this front has been proposed and accepted upstream for the recommended Android kernel configuration used to derive device specific configurations.

https://github.com/AndroidHardeningArchive/documentation/blob/master/technical_overview.md#attack-surface-reduction

---
diff --git a/kconfig-hardened-check.py b/kconfig-hardened-check.py index 197d82e..c5dcb06 100755 --- a/kconfig-hardened-check.py +++ b/kconfig-hardened-check.py @@ -426,6 +426,8 @@ def construct_checklist(checklist, arch): checklist.append(AND(OptCheck('LDISC_AUTOLOAD', 'is not set', 'clipos', 'cut_attack_surface'), \ VerCheck((5, 1)))) # LDISC_AUTOLOAD can be disabled since v5.1 + checklist.append(OptCheck('AIO', 'is not set', 'copperhead', 'cut_attack_surface')) + checklist.append(OptCheck('MMIOTRACE', 'is not set', 'my', 'cut_attack_surface')) # refers to LOCKDOWN (permissive) checklist.append(OptCheck('LIVEPATCH', 'is not set', 'my', 'cut_attack_surface')) checklist.append(OptCheck('IP_DCCP', 'is not set', 'my', 'cut_attack_surface'))
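Review bot: the added `OptCheck('AIO', 'is not set', 'copperhead', 'cut_attack_surface')` line has no inline comment, so the reason for the check and the source of the recommendation exist only in the commit message. The neighbouring entries carry short trailing comments (`# LDISC_AUTOLOAD can be disabled since v5.1`, `# refers to LOCKDOWN (permissive)`); a similar one here, pointing at the CopperheadOS attack-surface-reduction document linked in the commit message, would let a reader of the checklist trace the decision without digging through history. The entry also uses the decision label 'copperhead' in between a 'clipos' entry and the 'my' entries. If that label is new to the checklist, it should be added wherever the tool documents its recommendation sources, and a comment marking where the 'copperhead' entries start would keep the grouping readable as more of them are added.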