APPLIED: [PATCH][IMPISH] UBUNTU: [Config] Enable CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT
Andrea Righi
andrea.righi at canonical.com
Mon Jul 12 06:33:27 UTC 2021
On Fri, Jun 25, 2021 at 09:42:17AM +0100, Colin King wrote:
> From: Colin Ian King <colin.king at canonical.com>
>
> Kernel stack offset randomization is a useful security feature
> that should be enabled. Benchmarking showed that the impact is
> within the noise of various microbenchmarks so I believe this
> has some added benefit with minimal performance impact. The
> security folk believe this is worth enabling, so lets switch
> it on.
>
> Signed-off-by: Colin Ian King <colin.king at canonical.com>
Applied to impish/linux (5.13).
Thanks,
-Andrea
> ---
> debian.master/config/config.common.ubuntu | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/debian.master/config/config.common.ubuntu b/debian.master/config/config.common.ubuntu
> index ab828d5..0b46c98 100644
> --- a/debian.master/config/config.common.ubuntu
> +++ b/debian.master/config/config.common.ubuntu
> @@ -8415,7 +8415,7 @@ CONFIG_RAID6_PQ_BENCHMARK=y
> CONFIG_RAID_ATTRS=m
> # CONFIG_RANDOM32_SELFTEST is not set
> CONFIG_RANDOMIZE_BASE=y
> -# CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT is not set
> +CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT=y
> CONFIG_RANDOMIZE_MEMORY=y
> CONFIG_RANDOMIZE_MEMORY_PHYSICAL_PADDING=0xa
> CONFIG_RANDOMIZE_MODULE_REGION_FULL=y
> --
> 2.7.4
>
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
More information about the kernel-team
mailing list