hardening: enable REFCOUNT_FULL and FORTIFY_SOURCE, disabled HARDENED_USERCOPY_FALLBACK

Yves-Alexis Perez 2018-05-19 11:26:45 +02:00
parent c2dbc30362
commit ab436fc35b
2 changed files with 7 additions and 0 deletions

debian/changelog

@ -261,6 +261,10 @@ linux (4.16.8-1) UNRELEASED; urgency=medium
* proc: do not access cmdline nor environ from file-backed areas
(CVE-2018-1120)
[ Yves-Alexis Perez ]
* hardening: enable REFCOUNT_FULL and FORTIFY_SOURCE, disabled
HARDENED_USERCOPY_FALLBACK
-- Vagrant Cascadian <vagrant@debian.org> Mon, 30 Apr 2018 11:23:15 -0700
linux (4.16.5-1) unstable; urgency=medium
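
Review bot: The new bullet under [ Yves-Alexis Perez ] mixes tenses ("enable ... disabled") and does not say what changes for users. Suggest "hardening: enable REFCOUNT_FULL and FORTIFY_SOURCE, disable HARDENED_USERCOPY_FALLBACK", plus a short clause on the effect of turning the usercopy fallback off, since that is the one item in this entry that removes a compatibility path rather than adding a check.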


@ -12,6 +12,7 @@ CONFIG_CC_STACKPROTECTOR_STRONG=y
## end choice
CONFIG_VMAP_STACK=y
CONFIG_STRICT_KERNEL_RWX=y
CONFIG_REFCOUNT_FULL=y
##
## file: block/Kconfig
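
Review bot: CONFIG_REFCOUNT_FULL=y, added after CONFIG_STRICT_KERNEL_RWX=y, comes with no stated rationale or cost: neither the commit message nor the changelog bullet says what it protects against or what the overhead is. REFCOUNT_FULL switches refcount_t to the fully checked implementation, which is somewhat slower than the unchecked one. A sentence in the commit message on that trade-off, and on whether every architecture built from this config is meant to get it, would make the change easier to revisit later.
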
@ -7118,7 +7119,9 @@ CONFIG_SECURITY_NETWORK_XFRM=y
# CONFIG_INTEL_TXT is not set
CONFIG_LSM_MMAP_MIN_ADDR=32768
CONFIG_HARDENED_USERCOPY=y
CONFIG_HARDENED_USERCOPY_FALLBACK=n
# CONFIG_HARDENED_USERCOPY_PAGESPAN is not set
CONFIG_FORTIFY_SOURCE=y
CONFIG_LOCK_DOWN_KERNEL=y
CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT=y
## choice: Default security module
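
Review bot: CONFIG_HARDENED_USERCOPY_FALLBACK=n does not follow the form this hunk already uses for disabled options, which is the comment line "# CONFIG_HARDENED_USERCOPY_PAGESPAN is not set" (likewise "# CONFIG_INTEL_TXT is not set"). Kconfig tooling writes disabled bool symbols in that commented form, so write it as "# CONFIG_HARDENED_USERCOPY_FALLBACK is not set" to keep the file consistent and to avoid depending on how the config-merging scripts treat "=n". It is also worth confirming in the generated build config that the symbol really ends up unset while CONFIG_HARDENED_USERCOPY=y and CONFIG_FORTIFY_SOURCE=y are present.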