From: Alexander Popov <alex.popov@linux.com>
Date: Sun, 7 Jul 2024 13:49:47 +0000 (+0300)
Subject: Add the CONFIG_N_GSM check
X-Git-Tag: v0.6.10~33
X-Git-Url: https://jxself.org/git/?a=commitdiff_plain;h=5d0f97db4c355235a412830737fdfd2a710acf79;p=kconfig-hardened-check.git

Add the CONFIG_N_GSM check

See https://www.openwall.com/lists/oss-security/2024/04/17/1.

Refers to #122.
---

diff --git a/kernel_hardening_checker/checks.py b/kernel_hardening_checker/checks.py
index faf2aa2..b8cc895 100755
--- a/kernel_hardening_checker/checks.py
+++ b/kernel_hardening_checker/checks.py
@@ -386,6 +386,8 @@ def add_kconfig_checks(l: List[ChecklistObjType], arch: str) -> None:
     l += [KconfigCheck('cut_attack_surface', 'maintainer', 'BLK_DEV_FD_RAWCMD', 'is not set')] # recommended by Denis Efremov in /pull/62
     l += [KconfigCheck('cut_attack_surface', 'maintainer', 'NOUVEAU_LEGACY_CTX_SUPPORT', 'is not set')]
                                             # recommended by Dave Airlie in kernel commit b30a43ac7132cdda
+    l += [KconfigCheck('cut_attack_surface', 'maintainer', 'N_GSM', 'is not set')]
+                                            # recommended by Greg KH at https://www.openwall.com/lists/oss-security/2024/04/17/1
 
     # 'cut_attack_surface', 'clipos'
     l += [KconfigCheck('cut_attack_surface', 'clipos', 'STAGING', 'is not set')]