Commit 6b175bc9 authored by Romain Perier

Enable STRICT_MODULE_RWX

With this option set, module text and rodata memory areas will be made
read-only. Moreover, non-text memory will be made non-executable. This
provides protection against certain security exploits. Currently, this
option is implicitly enabled in Kconfig for most configurations where it
is possible to enable it. This commit enables the option by default
explicitly for all supported targets (except marvell to keep it small)
parent 693bbd78
......@@ -642,6 +642,7 @@ linux (4.19.26-1) UNRELEASED; urgency=medium
* [rt] Update to 4.19.25-rt16
* [armel/rpi] Add flavour for Raspberry Pi and Raspberry Pi Zero
* [armel, armhf] Enable CRASH_DUMP
* Enable STRICT_MODULE_RWX
-- Ben Hutchings <ben@decadent.org.uk> Tue, 12 Feb 2019 12:49:10 +0000
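Review bot: the new changelog entry "* Enable STRICT_MODULE_RWX" carries no scope and does not record the exception the commit message describes (marvell is left out to keep it small). The neighbouring entries use a bracketed prefix such as "[armel, armhf] Enable CRASH_DUMP", so the entry should say that the option is enabled by default and name the flavour where it stays unset. Otherwise a reader of the changelog will assume the hardening applies everywhere.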
......
......@@ -4,6 +4,7 @@
# CONFIG_KPROBES is not set
# CONFIG_STACKPROTECTOR_STRONG is not set
# CONFIG_STRICT_KERNEL_RWX is not set
# CONFIG_STRICT_MODULE_RWX is not set
##
## file: arch/arm/Kconfig
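Review bot: the added "# CONFIG_STRICT_MODULE_RWX is not set" line turns a hardening option off with no explanation in the file itself. The only rationale ("to keep it small") lives in the commit message. This config already leaves STACKPROTECTOR_STRONG and STRICT_KERNEL_RWX unset, so a short "##" comment recording the size constraint would help whoever later reviews whether module memory on this flavour can be made read-only and non-executable after all.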
......
......@@ -9,6 +9,7 @@ CONFIG_STACKPROTECTOR=y
CONFIG_STACKPROTECTOR_STRONG=y
CONFIG_VMAP_STACK=y
CONFIG_STRICT_KERNEL_RWX=y
CONFIG_STRICT_MODULE_RWX=y
##
## file: block/Kconfig
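Review bot: "CONFIG_STRICT_MODULE_RWX=y" is set here without any condition, while the commit message says the option is only available on configurations "where it is possible to enable it". Please state in the commit message how the generated per-architecture configs were checked, so it is clear the symbol ends up set on every intended target and that the explicit setting is harmless on targets that cannot select it.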
......