From: Alexander Popov
Date: Thu, 28 Nov 2019 16:30:01 +0000 (+0300)
Subject: Don't recommend disabling IKCONFIG anymore
X-Git-Tag: v0.5.3~12
X-Git-Url: https://jxself.org/git/?a=commitdiff_plain;h=8146802d168ec85ce256843c2d513f8a742322f2;p=kconfig-hardened-check.git
Don't recommend disabling IKCONFIG anymore
That info is needed for this script :)
---
diff --git a/kconfig-hardened-check.py b/kconfig-hardened-check.py
index 5c60fb7..2ed79cd 100755
--- a/kconfig-hardened-check.py
+++ b/kconfig-hardened-check.py
@@ -363,7 +363,7 @@ def construct_checklist(checklist, arch):
 checklist.append(OptCheck('MMIOTRACE_TEST', 'is not set', 'lockdown', 'cut_attack_surface')) # refers to LOCK_DOWN_KERNEL
 checklist.append(OptCheck('KSM', 'is not set', 'clipos', 'cut_attack_surface')) # to prevent FLUSH+RELOAD attack
- checklist.append(OptCheck('IKCONFIG', 'is not set', 'clipos', 'cut_attack_surface'))
+# checklist.append(OptCheck('IKCONFIG', 'is not set', 'clipos', 'cut_attack_surface')) # no, this info is needed for this check :)
 checklist.append(OptCheck('KALLSYMS', 'is not set', 'clipos', 'cut_attack_surface'))
 checklist.append(OptCheck('X86_VSYSCALL_EMULATION', 'is not set', 'clipos', 'cut_attack_surface'))
 checklist.append(OptCheck('MAGIC_SYSRQ', 'is not set', 'clipos', 'cut_attack_surface'))
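Review bot: The IKCONFIG check is replaced by a commented-out call that appears to start at column 0, with a joking trailing comment, which leaves dead code in construct_checklist and does not record the trade-off being made. The removed line shows this was a `clipos` recommendation in the `cut_attack_surface` group, so the tool now deliberately diverges from that source. I would delete the call and leave an indented note such as `# IKCONFIG is intentionally not checked: clipos recommends disabling it, but it provides the config this tool reads`. It may also be worth stating whether the related IKCONFIG_PROC option should be checked instead, since the script can presumably be given a saved config file rather than relying on the running kernel; that cannot be confirmed from this hunk. The body of construct_checklist starts and ends outside the hunk.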