hardening: enable REFCOUNT_FULL and FORTIFY_SOURCE, disabled HARDENED_USERCOPY_FALLBACK
This commit is contained in:
parent
c2dbc30362
commit
ab436fc35b
|
@ -261,6 +261,10 @@ linux (4.16.8-1) UNRELEASED; urgency=medium
|
|||
* proc: do not access cmdline nor environ from file-backed areas
|
||||
(CVE-2018-1120)
|
||||
|
||||
[ Yves-Alexis Perez ]
|
||||
* hardening: enable REFCOUNT_FULL and FORTIFY_SOURCE, disabled
|
||||
HARDENED_USERCOPY_FALLBACK
|
||||
|
||||
-- Vagrant Cascadian <vagrant@debian.org> Mon, 30 Apr 2018 11:23:15 -0700
|
||||
|
||||
linux (4.16.5-1) unstable; urgency=medium
|
||||
|
|
|
@ -12,6 +12,7 @@ CONFIG_CC_STACKPROTECTOR_STRONG=y
|
|||
## end choice
|
||||
CONFIG_VMAP_STACK=y
|
||||
CONFIG_STRICT_KERNEL_RWX=y
|
||||
CONFIG_REFCOUNT_FULL=y
|
||||
|
||||
##
|
||||
## file: block/Kconfig
|
||||
|
@ -7118,7 +7119,9 @@ CONFIG_SECURITY_NETWORK_XFRM=y
|
|||
# CONFIG_INTEL_TXT is not set
|
||||
CONFIG_LSM_MMAP_MIN_ADDR=32768
|
||||
CONFIG_HARDENED_USERCOPY=y
|
||||
CONFIG_HARDENED_USERCOPY_FALLBACK=n
|
||||
# CONFIG_HARDENED_USERCOPY_PAGESPAN is not set
|
||||
CONFIG_FORTIFY_SOURCE=y
|
||||
CONFIG_LOCK_DOWN_KERNEL=y
|
||||
CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT=y
|
||||
## choice: Default security module
|
||||
|
|
Loading…
Reference in New Issue