Message-ID: <20250122171925.25472-5-mgorman@techsingularity.net>
Date: Wed, 22 Jan 2025 17:19:25 +0000
From: Mel Gorman <mgorman@...hsingularity.net>
To: Kees Cook <kees@...nel.org>
Cc: Daniel Micay <danielmicay@...il.com>,
Paul Moore <paul@...l-moore.com>,
linux-hardening@...r.kernel.org,
linux-kernel@...r.kernel.org,
Mel Gorman <mgorman@...hsingularity.net>
Subject: [PATCH 4/4] fortify: Move FORTIFY_SOURCE under 'Kernel hardening options'

FORTIFY_SOURCE is a hardening option both at build and runtime. Move
it under 'Kernel hardening options'.

Signed-off-by: Mel Gorman <mgorman@...hsingularity.net>
---
security/Kconfig | 9 ---------
security/Kconfig.hardening | 9 +++++++++
2 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/security/Kconfig b/security/Kconfig
index fe7346dc4bc3..bca84f839fbe 100644
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -159,15 +159,6 @@ config LSM_MMAP_MIN_ADDR
this low address space will need the permission specific to the
systems running LSM.
-config FORTIFY_SOURCE
- bool "Harden common str/mem functions against buffer overflows"
- depends on ARCH_HAS_FORTIFY_SOURCE
- # https://github.com/llvm/llvm-project/issues/53645
- depends on !CC_IS_CLANG || !X86_32
- help
- Detect overflows of buffers in common string and memory functions
- where the compiler can determine and validate the buffer sizes.
-
config STATIC_USERMODEHELPER
bool "Force all usermode helper calls through a single binary"
help
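Review bot: the changelog should say that this is a pure move, because the block removed here after LSM_MMAP_MIN_ADDR (prompt, both "depends on" lines, the llvm-project issue comment and the help text) is identical to the one added in security/Kconfig.hardening. A line such as "No functional change intended" would tell reviewers that the symbol name and its dependencies are untouched, so existing configs are expected to keep their FORTIFY_SOURCE setting.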
diff --git a/security/Kconfig.hardening b/security/Kconfig.hardening
index adcc260839c7..e22dc1801bee 100644
--- a/security/Kconfig.hardening
+++ b/security/Kconfig.hardening
@@ -281,6 +281,15 @@ endmenu
menu "Bounds checking"
+config FORTIFY_SOURCE
+ bool "Harden common str/mem functions against buffer overflows"
+ depends on ARCH_HAS_FORTIFY_SOURCE
+ # https://github.com/llvm/llvm-project/issues/53645
+ depends on !CC_IS_CLANG || !X86_32
+ help
+ Detect overflows of buffers in common string and memory functions
+ where the compiler can determine and validate the buffer sizes.
+
config HARDENED_USERCOPY
bool "Harden memory copies between kernel and userspace"
imply STRICT_DEVMEM
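Review bot: the subject and changelog name 'Kernel hardening options' as the destination, but the entry is added as the first item inside menu "Bounds checking", ahead of HARDENED_USERCOPY; naming that submenu in the changelog would make the placement clearly intentional. The changelog also describes FORTIFY_SOURCE as a build-time and runtime option, while the help text carried over only mentions cases "where the compiler can determine and validate the buffer sizes"; if the runtime side is worth stating, the help text is the place for it, possibly as a follow-up so this patch stays a pure move.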
--
2.43.0