[ubuntu-hardened] 16.04 LTS: W^X detection - lack of a config options; X86_PTDUMP_CORE and DEBUG_WX
Seth Arnold
seth.arnold at canonical.com
Mon Jun 12 22:12:59 UTC 2017
On Sun, Jun 11, 2017 at 02:10:22PM +0200, daniel curtis wrote:
> So, is there any reason why these options are not included by default in
> Ubuntu 16.04 LTS, which was released with a Linux kernel v4.4? (That's the
> version where W^X detection has been added.)
Hello Daniel, I believe CONFIG_DEBUG_WX wasn't enabled in our 4.4 kernel
builds due to this: https://lkml.org/lkml/2015/12/14/670
Someone cares, and it should be scheduled to be fixed for 4.5.
The EFI mapping changes that were required to avoid the warning
were much too big and late to make 4.4.
So for now, don't enable CONFIG_DEBUG_WX for now. Unless you
want to actively debug the EFI mapping changes, that is. Which I
heartily recommend people doing.
This configuration is set in our newer kernels.
Thanks
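
Added example (not part of the message above and not Ubuntu or kernel project code): a shell check for whether a kernel was built with CONFIG_DEBUG_WX and what its boot-time W+X check logged. The log wording is assumed from the x86 checker's messages; the sample config and log files are constructed, and wx_status and make_samples are hypothetical names.

```shell
#!/bin/sh
# Added example: report whether a kernel was built with CONFIG_DEBUG_WX and
# what its boot-time W+X page-table check logged.
# Assumption: log wording follows the x86 checker
# ("x86/mm: Checked W+X mappings: ...").

# wx_status CONFIG_FILE KERNEL_LOG -> not-built | passed | failed:<pages> | no-result
wx_status() {
    config=$1
    log=$2
    # Without CONFIG_DEBUG_WX=y the checker is not compiled in, so a silent
    # log says nothing about the mappings.
    if ! grep -q '^CONFIG_DEBUG_WX=y$' "$config"; then
        echo "not-built"
        return 0
    fi
    if grep -q 'Checked W+X mappings: passed' "$log"; then
        echo "passed"
        return 0
    fi
    pages=$(sed -n 's/.*Checked W+X mappings: FAILED, \([0-9][0-9]*\) W+X pages found.*/\1/p' "$log" | tail -n 1)
    if [ -n "$pages" ]; then
        echo "failed:$pages"
        return 0
    fi
    echo "no-result"   # option set, but the log holds no verdict (e.g. buffer wrapped)
}

# make_samples DIR: write constructed config and log files (not real captures).
make_samples() {
    printf '%s\n' '# CONFIG_DEBUG_WX is not set' 'CONFIG_X86_PTDUMP_CORE=y' > "$1/config-off"
    printf '%s\n' 'CONFIG_X86_PTDUMP_CORE=y' 'CONFIG_DEBUG_WX=y' > "$1/config-on"
    printf '%s\n' '[    1.10] x86/mm: Checked W+X mappings: passed, no W+X pages found.' > "$1/log-pass"
    printf '%s\n' '[    1.10] x86/mm: Checked W+X mappings: FAILED, 171 W+X pages found.' > "$1/log-fail"
    printf '%s\n' '[    1.10] Freeing unused kernel memory: 1480K' > "$1/log-none"
}

tmp=$(mktemp -d)
make_samples "$tmp"
for pair in config-off:log-fail config-on:log-pass config-on:log-fail config-on:log-none; do
    echo "$pair -> $(wx_status "$tmp/${pair%%:*}" "$tmp/${pair##*:}")"
done
rm -rf "$tmp"
# Live system: dmesg > k.log; wx_status "/boot/config-$(uname -r)" k.log
```

The config-off case shows that CONFIG_X86_PTDUMP_CORE on its own does not run the check, so a missing verdict in the log must be read together with the build configuration.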