From e2c996e9059a09a90c5a372819d586780e56d2af Mon Sep 17 00:00:00 2001 From: Alexander Popov Date: Sat, 30 Dec 2023 21:30:14 +0300 Subject: [PATCH] Improve the hackish refinement of the CONFIG_ARCH_MMAP_RND_BITS check Don't check CONFIG_ARCH_MMAP_RND_BITS if CONFIG_ARCH_MMAP_RND_BITS_MAX was not found. --- kernel_hardening_checker/__init__.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/kernel_hardening_checker/__init__.py b/kernel_hardening_checker/__init__.py index 212cf62..7cd3957 100644 --- a/kernel_hardening_checker/__init__.py +++ b/kernel_hardening_checker/__init__.py @@ -329,6 +329,10 @@ def main(): mmap_rnd_bits_max = parsed_kconfig_options.get('CONFIG_ARCH_MMAP_RND_BITS_MAX', None) if mmap_rnd_bits_max: override_expected_value(config_checklist, 'CONFIG_ARCH_MMAP_RND_BITS', mmap_rnd_bits_max) + else: + # remove the CONFIG_ARCH_MMAP_RND_BITS check to avoid false results + print('[-] Can\'t check CONFIG_ARCH_MMAP_RND_BITS without CONFIG_ARCH_MMAP_RND_BITS_MAX') + config_checklist[:] = [o for o in config_checklist if o.name != 'CONFIG_ARCH_MMAP_RND_BITS'] # now everything is ready, perform the checks perform_checks(config_checklist) -- 2.31.1