[PATCH] UBUNTU: config: enable DEBUG_CREDENTIALS
John Johansen
john.johansen at canonical.com
Wed Jul 25 18:26:10 UTC 2012
On 07/20/2012 01:57 PM, Kees Cook wrote:
> This adds a few bytes of overhead to each credential and adds a tiny
> amount of CPU overhead when changing credentials. It can catch some
> types of credential manipulation attacks, so turn it on.
>
Hey Kees, it's a great debug option; however, I am still not sure it's
worth the admittedly minor cost of turning it on for our kernels, and
I am still looking into it.
thanks
john
> Signed-off-by: Kees Cook <kees at ubuntu.com>
> ---
> debian.master/config/config.common.ubuntu | 2 +-
> debian.master/config/enforce | 1 +
> 2 files changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/debian.master/config/config.common.ubuntu b/debian.master/config/config.common.ubuntu
> index a1bcec2..e24e3d00 100644
> --- a/debian.master/config/config.common.ubuntu
> +++ b/debian.master/config/config.common.ubuntu
> @@ -1241,7 +1241,7 @@ CONFIG_DEBUGGER=y
> # CONFIG_DEBUG_BLOCK_EXT_DEVT is not set
> # CONFIG_DEBUG_BOOT_PARAMS is not set
> CONFIG_DEBUG_BUGVERBOSE=y
> -# CONFIG_DEBUG_CREDENTIALS is not set
> +CONFIG_DEBUG_CREDENTIALS=y
> # CONFIG_DEBUG_DEVRES is not set
> # CONFIG_DEBUG_DRIVER is not set
> # CONFIG_DEBUG_FORCE_WEAK_PER_CPU is not set
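Review bot: The cost of the `CONFIG_DEBUG_CREDENTIALS=y` line is not quantified. The commit message describes it only as "a few bytes of overhead to each credential" and "a tiny amount of CPU overhead when changing credentials". Because the switch is made in config.common.ubuntu rather than in a single flavour's config, it would help to put measured numbers in the commit message: the size increase of the credential structure, and the timing of a credential-change path with and without the option. That gives the trade-off against "some types of credential manipulation attacks" something concrete to be judged on.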
> diff --git a/debian.master/config/enforce b/debian.master/config/enforce
> index 89c9497..1cb6270 100644
> --- a/debian.master/config/enforce
> +++ b/debian.master/config/enforce
> @@ -20,6 +20,7 @@ value CONFIG_DEFAULT_SECURITY_APPARMOR y
> !exists CONFIG_DEBUG_RODATA | value CONFIG_DEBUG_RODATA y
> !exists CONFIG_DEBUG_SET_MODULE_RONX | value CONFIG_DEBUG_SET_MODULE_RONX y
> !exists CONFIG_STRICT_DEVMEM | value CONFIG_STRICT_DEVMEM y
> +!exists CONFIG_DEBUG_CREDENTIALS | value CONFIG_DEBUG_CREDENTIALS y
> # For architectures which support this option ensure it is disabled.
> !exists CONFIG_COMPAT_VDSO | value CONFIG_COMPAT_VDSO n
> !exists CONFIG_ACPI_CUSTOM_METHOD | value CONFIG_ACPI_CUSTOM_METHOD n
>
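Review bot: The added `!exists CONFIG_DEBUG_CREDENTIALS | value CONFIG_DEBUG_CREDENTIALS y` rule has no comment saying why a DEBUG_* option is being enforced. It also sits directly above the existing "# For architectures which support this option ensure it is disabled." comment, which belongs to the COMPAT_VDSO rule that follows. A one-line comment above the new rule, stating that it is enforced to catch credential manipulation, would keep a later config cleanup from dropping it as a stray debug setting. A blank line after the rule would keep it visually separate from the "ensure it is disabled" group.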