projects
/
kconfig-hardened-check.git
/ shortlog
commit
grep
author
committer
pickaxe
?
search:
re
summary
| shortlog |
log
|
commit
|
commitdiff
|
tree
first ⋅ prev ⋅
next
kconfig-hardened-check.git
2022-08-13
Alexander Popov
Add the comment about vm.mmap_min_addr sysctl (for...
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-08-13
Alexander Popov
SECURITY_DMESG_RESTRICT is more about cutting attack...
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-07-21
Alexander Popov
Improve the slab_common.usercopy_fallback check
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-07-21
Alexander Popov
Add the slab_common.usercopy_fallback check
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-07-21
Alexander Popov
Improve the STACKPROTECTOR check
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-07-21
Alexander Popov
Don't mention LKDTM
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-07-17
Alexander Popov
Add info about the LKDDb project by @cateee
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-07-17
Alexander Popov
Check ARM64_BTI for userspace hardening
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-07-17
Alexander Popov
Check ARM64_PTR_AUTH for userspace hardening
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-07-17
Alexander Popov
Add rodata check for ARM64
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-07-11
Alexander Popov
Add iommu.passthrough check
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-07-11
Alexander Popov
Add IOMMU_DEFAULT_PASSTHROUGH check
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-07-11
Alexander Popov
Add iommu.strict check
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-07-11
Alexander Popov
Add vsyscall check
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-07-09
Alexander Popov
Don't add CmdlineChecks in add_kconfig_checks() to...
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-07-09
Alexander Popov
Add slub_debug check
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-07-08
Alexander Popov
Add the release badge
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-06-20
Alexander Popov
Add the init_on_free check
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-06-20
Alexander Popov
Add the page_poison check required for PAGE_POISONING_ZERO
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-06-20
Alexander Popov
Rewrite the slab_nomerge check
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-06-20
Alexander Popov
Rewrite the randomize_kstack_offset check
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-06-19
Alexander Popov
Check that a kconfig option value is sane
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-06-19
Alexander Popov
Add a tricky check for init_on_alloc and INIT_ON_ALLOC_...
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-06-19
Alexander Popov
Move the add_cmdline_checks() call earlier
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-06-08
Alexander Popov
Don't check __name__ in __init__.py (it can't run separ...
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-06-08
Alexander Popov
Fix the pylint warning about isinstance
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-06-08
Alexander Popov
Drop unneeded properties of ComplexOptCheck
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-06-08
Alexander Popov
Turn some error conditions into assertions (part 4)
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-06-08
Alexander Popov
Turn some error conditions into assertions (part 3)
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-06-08
Alexander Popov
Turn some error conditions into assertions (part 2)
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-06-08
Alexander Popov
Turn some error conditions into assertions (part 1)
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-06-08
Alexander Popov
Drop useless checks, the ComplexOptCheck constructor...
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-06-08
Alexander Popov
github actions: Test error handling (part 2)
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-06-08
Alexander Popov
github actions: Test error handling (part 1)
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-05-30
Alexander Popov
github actions: Collect coverage for error handling...
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-05-30
Alexander Popov
github actions: upgrade to codecov-action@v2
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-05-30
Alexander Popov
Check that --config and --print are not used together
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-05-30
Alexander Popov
github actions: Collect coverage for cmdline checking
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-05-30
Alexander Popov
github actions: Improve the descriptions
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-05-30
Alexander Popov
github actions: Improve the test output
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-05-30
Alexander Popov
Drop dash-separated values from setup.cfg
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-05-30
Alexander Popov
github actions: Add testing with python 3.9
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-05-28
Alexander Popov
Merge branch 'cmdline'
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-05-28
Alexander Popov
Change the example output in README
cmdline
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-05-28
Alexander Popov
Describe the cmdline checking support in README
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-05-28
Alexander Popov
Add the example config of Fedora 34
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-05-28
Alexander Popov
Check the pti cmdline parameter
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-05-28
Alexander Popov
Check the slab_nomerge cmdline parameter
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-05-28
Alexander Popov
Check the randomize_kstack_offset cmdline parameter
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-05-28
Alexander Popov
Add cmdline file parsing
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-05-28
Alexander Popov
Add the infrastructure for cmdline checks
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-05-28
Alexander Popov
Add '--cmdline' argument for the tool
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-05-28
Alexander Popov
Add cmdline checks to '--print'
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-05-28
Alexander Popov
Add the CmdlineCheck class
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-05-15
Alexander Popov
Add the comment about sysrq_always_enabled
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-05-15
Alexander Popov
Add the comment about rodata
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-05-08
Alexander Popov
Update direct feedback from Linux kernel maintainers...
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-05-06
Alexander Popov
Add the comment about arm64.nomte
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-05-06
Alexander Popov
Add the comment about kernel.randomize_va_space
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-05-06
Alexander Popov
Add the KGDB check
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-05-06
Alexander Popov
Add RANDOMIZE_MODULE_REGION_FULL for arm64
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-04-28
Alexander Popov
Update the README
v0.5.17
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-04-28
Alexander Popov
Merge pull request #62 from evdenis/master
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-04-28
Alexander Popov
Add the type property for OptCheck to fix a pylint...
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-04-27
Denis Efremov
Add BLK_DEV_FD_RAWCMD
62/head
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-04-22
Alexander Popov
Add the STACKPROTECTOR check from KSPP
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-04-22
Alexander Popov
Drop the ARM64_MTE check for userspace hardening
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-04-22
Alexander Popov
Separate out checking SECURITY_WRITABLE_HOOKS and SECUR...
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-04-22
Alexander Popov
Fix the arch condition for the SCHED_CORE check
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-04-22
Alexander Popov
Add the KSPP recommendation of ZERO_CALL_USED_REGS
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-04-22
Alexander Popov
Disabling X86_MSR is recommended by KSPP
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-04-20
Alexander Popov
Fix the bug in the verdict description for ComplexOptCheck
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-04-20
Alexander Popov
Additional check for TYPES_OF_CHECKS
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-04-20
Alexander Popov
Drop PresenceCheck; OptCheck without 'expected' paramet...
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-04-20
Alexander Popov
Update the KSPP recommendations in the config_files
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-04-20
Alexander Popov
Add the KSPP recommendation of SCHED_CORE
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-04-20
Alexander Popov
Add the KSPP recommendation of IOMMU_DEFAULT_DMA_STRICT
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-04-20
Alexander Popov
Add the KSPP recommendation of WERROR
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-04-20
Alexander Popov
Add the KSPP recommendation of KFENCE
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-04-08
Alexander Popov
No need in BPF_UNPRIV_DEFAULT_OFF if BPF_SYSCALL is...
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-04-08
Alexander Popov
Merge branch 'from-martin-rowe'
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-04-07
Alexander Popov
Add defconfigs for Linux v5.17
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-03-28
Alexander Popov
Drop unneeded return values (refactoring)
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-03-26
Martin Rowe
UBSAN_SANITIZE_ALL not available on ARM
60/head
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-03-20
Alexander Popov
Add HARDEN_BRANCH_HISTORY for arm
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-03-20
Alexander Popov
Add MITIGATE_SPECTRE_BRANCH_HISTORY for arm64
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-03-18
Alexander Popov
THREAD_INFO_IN_TASK is available for ARM since v5.16
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-03-18
Alexander Popov
Merge branch 'from-martin-rowe'
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-03-15
Martin Rowe
EFI mitigations can't be enabled if EFI is not set
59/head
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-03-13
Alexander Popov
Fix the BPF_UNPRIV_DEFAULT_OFF check (it is enabled...
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-03-13
Alexander Popov
Add CONFIG_SLS vs CVE-2021-26341 in Straight-Line-Specu...
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-03-13
Alexander Popov
Add the comment that l1d_flush is a part of the l1tf...
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-03-13
Alexander Popov
Add BPF_UNPRIV_DEFAULT_OFF to cut_attack_surface
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-03-05
Alexander Popov
Use the option type instead of calling hasattr()
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-03-05
Alexander Popov
Merge branch 'refactoring'
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-02-14
Alexander Popov
Introduce the json_dump() class method
refactoring
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-02-14
Alexander Popov
Improve 'type' for ComplexOptCheck and PresenceCheck...
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-02-14
Alexander Popov
Make populate_with_data() aware of data type
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-02-14
Alexander Popov
Add 'type' for PresenceCheck and VersionCheck
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-02-14
Alexander Popov
Rename VerCheck to VersionCheck
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
next