Disabling some options - Githubissues

anthraxx / linux-hardened

Minimal supplement to upstream Kernel Self Protection Project changes. Features already provided by SELinux + Yama and archs other than multiarch arm64 / x86_64 aren't in scope. Only tags have stable history. Shared IRC channel with KSPP: irc.libera.chat #linux-hardening

Other

554 stars 55 forks source link

Disabling some options #45

Closed hyder365 closed 3 years ago

hyder365 commented 3 years ago

I'd like to propose we consider disabling some dangerous, unmaintained options in the kernel that are being brought to light in this oss-sec discussion:

https://www.openwall.com/lists/oss-security/2020/07/28/3 https://www.openwall.com/lists/oss-security/2020/07/29/2

Thank you. (Sorry if this is not the right place to suggest config changes.)

tsautereau-anssi commented 3 years ago

So what are those dangerous Kconfig options that should be disabled, precisely?