public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

linux_hardened: enforce usercopy whitelisting

Browse Source 
The default is to warn only
This commit is contained in:
Joachim Fasting 2018-04-29 12:00:16 +02:00
parent cbc3afc655
commit 33615ccfa5
No known key found for this signature in database
GPG Key ID: 5C204DF675C90294
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
pkgs/os-specific/linux/kernel/hardened-config.nix
View File

@ -78,6 +78,9 @@ ${optionalString (versionAtLeast version "4.13") ''
# Perform usercopy bounds checking. # Perform usercopy bounds checking.
HARDENED_USERCOPY y HARDENED_USERCOPY y
${optionalString (versionAtLeast version "4.16") ''
HARDENED_USERCOPY_FALLBACK n
''}
# Randomize allocator freelists. # Randomize allocator freelists.
SLAB_FREELIST_RANDOM y SLAB_FREELIST_RANDOM y