From: Alexander Popov
Date: Wed, 20 Jun 2018 21:07:52 +0000 (+0300)
Subject: Disable buggy IP_SCTP to cut attack surface
X-Git-Tag: v0.5.2~98
X-Git-Url: https://jxself.org/git/?a=commitdiff_plain;h=b68eb59c9d222478af8f7b6aeb76801456f3d301;p=kconfig-hardened-check.git
Disable buggy IP_SCTP to cut attack surface
---
diff --git a/README.md b/README.md
index b87801e..8fdd80c 100644
--- a/README.md
+++ b/README.md
@@ -97,6 +97,7 @@ Usage: ./kconfig-hardened-check.py [-p | -c ]
 CONFIG_LIVEPATCH | is not set | my | cut_attack_surface || FAIL: "y"
 CONFIG_USER_NS | is not set | my | cut_attack_surface || FAIL: "y"
 CONFIG_IP_DCCP | is not set | my | cut_attack_surface || FAIL: "m"
+ CONFIG_IP_SCTP | is not set | my | cut_attack_surface || FAIL: "m"
 CONFIG_FTRACE | is not set | my | cut_attack_surface || FAIL: "y"
 CONFIG_KPROBES | is not set | my | cut_attack_surface || FAIL: "y"
 CONFIG_PROFILING | is not set | my | cut_attack_surface || FAIL: "y"
@@ -105,7 +106,7 @@ Usage: ./kconfig-hardened-check.py [-p | -c ]
 CONFIG_BPF_SYSCALL | is not set | my | cut_attack_surface || FAIL: "y"
 CONFIG_LKDTM | m | my | feature_test || FAIL: "is not set"
-[-] config check is NOT PASSED: 39 errors
+[-] config check is NOT PASSED: 40 errors
 ```
 __Go and fix them all!__
diff --git a/kconfig-hardened-check.py b/kconfig-hardened-check.py
index a63df18..e784d07 100755
--- a/kconfig-hardened-check.py
+++ b/kconfig-hardened-check.py
@@ -96,6 +96,7 @@ def construct_opt_list():
 opt_list.append([Opt('LIVEPATCH', 'is not set', 'my', 'cut_attack_surface'), ''])
 opt_list.append([Opt('USER_NS', 'is not set', 'my', 'cut_attack_surface'), '']) # user.max_user_namespaces=0
 opt_list.append([Opt('IP_DCCP', 'is not set', 'my', 'cut_attack_surface'), ''])
+ opt_list.append([Opt('IP_SCTP', 'is not set', 'my', 'cut_attack_surface'), ''])
 opt_list.append([Opt('FTRACE', 'is not set', 'my', 'cut_attack_surface'), ''])
 opt_list.append([Opt('KPROBES', 'is not set', 'my', 'cut_attack_surface'), ''])
 opt_list.append([Opt('PROFILING', 'is not set', 'my', 'cut_attack_surface'), ''])
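Review bot: The added `IP_SCTP` entry gives no rationale or fallback in the code, while the `USER_NS` line two above it records its runtime alternative as a trailing comment; the only justification ("buggy") lives in the commit subject. The README sample output shows this check failing with "m", which suggests distribution kernels ship SCTP as a module, so a reader who cannot rebuild the kernel gets no hint of what to do instead. I would add a trailing comment in the same style, e.g. `# if kept as a module, block autoloading: "install sctp /bin/false" in /etc/modprobe.d/`. The same gap exists on the `IP_DCCP` context line, and `construct_opt_list()` starts and ends outside this hunk.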