From: Alexander Popov Date: Fri, 6 Mar 2020 21:53:06 +0000 (+0300) Subject: Add CLIP OS recommendation about CONFIG_STAGING X-Git-Tag: v0.5.5~25 X-Git-Url: https://jxself.org/git/?a=commitdiff_plain;h=3a2b67f97ac532696139aa5c1808ba349cbfa7be;p=kconfig-hardened-check.git Add CLIP OS recommendation about CONFIG_STAGING --- diff --git a/kconfig-hardened-check.py b/kconfig-hardened-check.py index 85a0d2f..d2caafd 100755 --- a/kconfig-hardened-check.py +++ b/kconfig-hardened-check.py @@ -410,6 +410,7 @@ def construct_checklist(checklist, arch): checklist.append(OptCheck('BPF_SYSCALL', 'is not set', 'lockdown', 'cut_attack_surface')) # refers to LOCK_DOWN_KERNEL checklist.append(OptCheck('MMIOTRACE_TEST', 'is not set', 'lockdown', 'cut_attack_surface')) # refers to LOCK_DOWN_KERNEL + checklist.append(OptCheck('STAGING', 'is not set', 'clipos', 'cut_attack_surface')) checklist.append(OptCheck('KSM', 'is not set', 'clipos', 'cut_attack_surface')) # to prevent FLUSH+RELOAD attack # checklist.append(OptCheck('IKCONFIG', 'is not set', 'clipos', 'cut_attack_surface')) # no, this info is needed for this check :) checklist.append(OptCheck('KALLSYMS', 'is not set', 'clipos', 'cut_attack_surface'))