Commit ab436fc3 authored by Yves-Alexis Perez's avatar Yves-Alexis Perez

hardening: enable REFCOUNT_FULL and FORTIFY_SOURCE, disabled HARDENED_USERCOPY_FALLBACK

parent c2dbc303
......@@ -261,6 +261,10 @@ linux (4.16.8-1) UNRELEASED; urgency=medium
* proc: do not access cmdline nor environ from file-backed areas
(CVE-2018-1120)
[ Yves-Alexis Perez ]
* hardening: enable REFCOUNT_FULL and FORTIFY_SOURCE, disabled
HARDENED_USERCOPY_FALLBACK
-- Vagrant Cascadian <vagrant@debian.org> Mon, 30 Apr 2018 11:23:15 -0700
linux (4.16.5-1) unstable; urgency=medium
......@@ -12,6 +12,7 @@ CONFIG_CC_STACKPROTECTOR_STRONG=y
## end choice
CONFIG_VMAP_STACK=y
CONFIG_STRICT_KERNEL_RWX=y
CONFIG_REFCOUNT_FULL=y
##
## file: block/Kconfig
......@@ -7118,7 +7119,9 @@ CONFIG_SECURITY_NETWORK_XFRM=y
# CONFIG_INTEL_TXT is not set
CONFIG_LSM_MMAP_MIN_ADDR=32768
CONFIG_HARDENED_USERCOPY=y
CONFIG_HARDENED_USERCOPY_FALLBACK=n
# CONFIG_HARDENED_USERCOPY_PAGESPAN is not set
CONFIG_FORTIFY_SOURCE=y
CONFIG_LOCK_DOWN_KERNEL=y
CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT=y
## choice: Default security module
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment