From b23112f17deaa07ece6c578516deaca678be7f14 Mon Sep 17 00:00:00 2001 From: Alexander Popov Date: Mon, 25 Mar 2024 20:40:15 +0300 Subject: [PATCH] Drop the GCC_PLUGINS check (checking CC_IS_GCC is enough) Refers to #102 --- kernel_hardening_checker/checks.py | 5 ----- 1 file changed, 5 deletions(-) diff --git a/kernel_hardening_checker/checks.py b/kernel_hardening_checker/checks.py index 99e8810..6b9db7a 100644 --- a/kernel_hardening_checker/checks.py +++ b/kernel_hardening_checker/checks.py @@ -26,7 +26,6 @@ def add_kconfig_checks(l, arch): efi_not_set = KconfigCheck('-', '-', 'EFI', 'is not set') cc_is_gcc = KconfigCheck('-', '-', 'CC_IS_GCC', 'y') # exists since v4.18 cc_is_clang = KconfigCheck('-', '-', 'CC_IS_CLANG', 'y') # exists since v4.18 - gcc_plugins_support_is_set = KconfigCheck('-', '-', 'GCC_PLUGINS', 'y') modules_not_set = KconfigCheck('cut_attack_surface', 'kspp', 'MODULES', 'is not set') # radical, but may be useful in some cases devmem_not_set = KconfigCheck('cut_attack_surface', 'kspp', 'DEVMEM', 'is not set') # refers to LOCKDOWN @@ -159,7 +158,6 @@ def add_kconfig_checks(l, arch): l += [AND(KconfigCheck('self_protection', 'kspp', 'HARDENED_USERCOPY_PAGESPAN', 'is not set'), hardened_usercopy_is_set)] # this debugging for HARDENED_USERCOPY is not needed for security l += [AND(KconfigCheck('self_protection', 'kspp', 'GCC_PLUGIN_LATENT_ENTROPY', 'y'), - gcc_plugins_support_is_set, cc_is_gcc)] l += [OR(KconfigCheck('self_protection', 'kspp', 'MODULE_SIG', 'y'), modules_not_set)] @@ -199,15 +197,12 @@ def add_kconfig_checks(l, arch): if arch in ('X86_64', 'ARM64', 'X86_32'): stackleak_is_set = KconfigCheck('self_protection', 'kspp', 'GCC_PLUGIN_STACKLEAK', 'y') l += [AND(stackleak_is_set, - gcc_plugins_support_is_set, cc_is_gcc)] l += [AND(KconfigCheck('self_protection', 'kspp', 'STACKLEAK_METRICS', 'is not set'), stackleak_is_set, - gcc_plugins_support_is_set, cc_is_gcc)] l += [AND(KconfigCheck('self_protection', 'kspp', 'STACKLEAK_RUNTIME_DISABLE', 'is not set'), stackleak_is_set, - gcc_plugins_support_is_set, cc_is_gcc)] l += [KconfigCheck('self_protection', 'kspp', 'RANDOMIZE_KSTACK_OFFSET_DEFAULT', 'y')] if arch in ('X86_64', 'ARM64'): -- 2.31.1