From: Alexander Popov
Date: Wed, 4 Mar 2020 12:29:34 +0000 (+0300)
Subject: SECURITY_WRITABLE_HOOKS is not disabled by default
X-Git-Tag: v0.5.5~42
X-Git-Url: https://jxself.org/git/?a=commitdiff_plain;h=c2b4899fc4cf7b43dd560bf8890e87ecf48f3bdf;p=kconfig-hardened-check.git
SECURITY_WRITABLE_HOOKS is not disabled by default
---
diff --git a/kconfig-hardened-check.py b/kconfig-hardened-check.py
index a1a8de2..95a5edf 100755
--- a/kconfig-hardened-check.py
+++ b/kconfig-hardened-check.py
@@ -296,13 +296,13 @@ def construct_checklist(checklist, arch):
 checklist.append(OptCheck('SECURITY', 'y', 'defconfig', 'security_policy')) # and choose your favourite LSM
 if debug_mode or arch == 'ARM':
 checklist.append(OptCheck('SECURITY', 'y', 'kspp', 'security_policy')) # and choose your favourite LSM
- checklist.append(OptCheck('SECURITY_WRITABLE_HOOKS', 'is not set', 'defconfig', 'security_policy'))
 checklist.append(OptCheck('SECURITY_YAMA', 'y', 'kspp', 'security_policy'))
 checklist.append(OptCheck('SECURITY_LOADPIN', 'y', 'my', 'security_policy')) # needs userspace support
 checklist.append(OptCheck('SECURITY_LOCKDOWN_LSM', 'y', 'my', 'security_policy'))
 checklist.append(OptCheck('SECURITY_LOCKDOWN_LSM_EARLY', 'y', 'my', 'security_policy'))
 checklist.append(OptCheck('LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY', 'y', 'my', 'security_policy'))
 checklist.append(OptCheck('SECURITY_SAFESETID', 'y', 'my', 'security_policy'))
+ checklist.append(OptCheck('SECURITY_WRITABLE_HOOKS', 'is not set', 'my', 'security_policy'))
 checklist.append(OptCheck('SECCOMP', 'y', 'defconfig', 'cut_attack_surface'))
 checklist.append(OptCheck('SECCOMP_FILTER', 'y', 'defconfig', 'cut_attack_surface'))
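Review bot: The re-added `SECURITY_WRITABLE_HOOKS` line has no comment saying why the check is now tagged `my` instead of `defconfig`, unlike the neighbouring `SECURITY_LOADPIN` line with its `# needs userspace support`. As far as I know the option has no prompt of its own and is only turned on when `SECURITY_SELINUX_DISABLE` selects it, so a failing result has to be fixed through that option; a trailing `# refers to SECURITY_SELINUX_DISABLE` would tell the reader where to look. The reason to keep the check is that with the option set the LSM hook lists stay writable after boot rather than being made read-only, and a few words to that effect would help too. construct_checklist starts before and continues after this hunk, so whether `SECURITY_SELINUX_DISABLE` is itself checked cannot be seen from here.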