| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <1396346657-7166-1-git-send-email-holler@ahsoftware.de> Date: Tue, 1 Apr 2014 12:04:17 +0200 From: Alexander Holler <holler@...oftware.de> To: linux-arm-kernel@...ts.infradead.org Cc: linux-kernel@...r.kernel.org, Russell King <linux@....linux.org.uk>, Laura Abbott <lauraa@...eaurora.org>, Will Deacon <will.deacon@....com>, Catalin Marinas <catalin.marinas@....com>, Alexander Holler <holler@...oftware.de> Subject: [PATCH] arm: don't allow CONFIG_DEBUG_SET_MODULE_RONX if CONFIG_JUMP_LABEL is enabled CONFIG_DEBUG_SET_MODULE_RONX sounds like a nice security feature, but things might fail late (and unexpected) if module code is set to read-only while CONFIG_JUMP_LABEL is enabled (e.g. modprobe bridge). Avoid this. Signed-off-by: Alexander Holler <holler@...oftware.de> --- arch/arm/Kconfig.debug | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm/Kconfig.debug b/arch/arm/Kconfig.debug index 0531da8..6627b9e 100644 --- a/arch/arm/Kconfig.debug +++ b/arch/arm/Kconfig.debug @@ -1197,7 +1197,7 @@ config PID_IN_CONTEXTIDR config DEBUG_SET_MODULE_RONX bool "Set loadable kernel module data as NX and text as RO" - depends on MODULES + depends on MODULES && !JUMP_LABEL ---help--- This option helps catch unintended modifications to loadable kernel module's text and read-only data. It also prevents execution -- 1.8.3.1 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists