[PATCH][IMPISH] UBUNTU: [Config] Enable CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT
Colin King
colin.king at canonical.com
Fri Jun 25 08:42:17 UTC 2021
From: Colin Ian King <colin.king at canonical.com>
Kernel stack offset randomization is a useful security feature
that should be enabled. Benchmarking showed that the impact is
within the noise of various microbenchmarks so I believe this
has some added benefit with minimal performance impact. The
security folk believe this is worth enabling, so lets switch
it on.
Signed-off-by: Colin Ian King <colin.king at canonical.com>
---
debian.master/config/config.common.ubuntu | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/debian.master/config/config.common.ubuntu b/debian.master/config/config.common.ubuntu
index ab828d5..0b46c98 100644
--- a/debian.master/config/config.common.ubuntu
+++ b/debian.master/config/config.common.ubuntu
@@ -8415,7 +8415,7 @@ CONFIG_RAID6_PQ_BENCHMARK=y
CONFIG_RAID_ATTRS=m
# CONFIG_RANDOM32_SELFTEST is not set
CONFIG_RANDOMIZE_BASE=y
-# CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT is not set
+CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT=y
CONFIG_RANDOMIZE_MEMORY=y
CONFIG_RANDOMIZE_MEMORY_PHYSICAL_PADDING=0xa
CONFIG_RANDOMIZE_MODULE_REGION_FULL=y
--
2.7.4
More information about the kernel-team
mailing list