From: HacKurx Date: Thu, 9 Apr 2020 11:25:37 +0000 (+0200) Subject: Add CONFIG_INPUT_EVBUG X-Git-Tag: v0.5.7~24^2~1 X-Git-Url: https://jxself.org/git/?a=commitdiff_plain;h=a7e1677cea24fec92a6a2c36c1dbc0094413535d;p=kconfig-hardened-check.git Add CONFIG_INPUT_EVBUG The "evbug" module records key events and mouse movements in the system log. Useful for debugging, this is a security threat, its use can be hijacked as a keylogger. An attacker will be able to retrieve your passwords using this module. --- diff --git a/README.md b/README.md index 76d4e1d..ff129c4 100644 --- a/README.md +++ b/README.md @@ -204,6 +204,7 @@ CONFIG_IP_SCTP | is not set | my | cut_atta CONFIG_FTRACE | is not set | my | cut_attack_surface | FAIL: "y" CONFIG_BPF_JIT | is not set | my | cut_attack_surface | FAIL: "y" CONFIG_VIDEO_VIVID | is not set | my | cut_attack_surface | FAIL: "m" +CONFIG_INPUT_EVBUG | is not set | my | cut_attack_surface | FAIL: "m" CONFIG_INTEGRITY | y |defconfig |userspace_hardening | OK CONFIG_ARCH_MMAP_RND_BITS | 32 | clipos |userspace_hardening | FAIL: "28" diff --git a/kconfig_hardened_check/__init__.py b/kconfig_hardened_check/__init__.py index 047beff..15ea3e4 100755 --- a/kconfig_hardened_check/__init__.py +++ b/kconfig_hardened_check/__init__.py @@ -494,6 +494,7 @@ def construct_checklist(checklist, arch): checklist.append(OptCheck('FTRACE', 'is not set', 'my', 'cut_attack_surface')) # refers to LOCKDOWN checklist.append(OptCheck('BPF_JIT', 'is not set', 'my', 'cut_attack_surface')) checklist.append(OptCheck('VIDEO_VIVID', 'is not set', 'my', 'cut_attack_surface')) + checklist.append(OptCheck('INPUT_EVBUG', 'is not set', 'my', 'cut_attack_surface')) # Can be used as a keylogger checklist.append(OptCheck('INTEGRITY', 'y', 'defconfig', 'userspace_hardening')) if arch == 'ARM64':