projects
/
kconfig-hardened-check.git
/ history
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
first ⋅ prev ⋅ next
Add INIT_STACK_ALL as an alternative to GCC_PLUGIN_STRUCTLEAK_BYREF_ALL
[kconfig-hardened-check.git]
/
kconfig-hardened-check.py
2019-08-22
Alexander Popov
Add INIT_STACK_ALL as an alternative to GCC_PLUGIN_STRU...
blob
|
commitdiff
|
raw
2019-08-22
Alexander Popov
Add SHUFFLE_PAGE_ALLOCATOR from v5.2
blob
|
commitdiff
|
raw
|
diff to current
2019-08-22
Alexander Popov
Add some new sysctls (to remember them)
blob
|
commitdiff
|
raw
|
diff to current
2019-07-08
Alexander Popov
Merge pull request #22 from adrianopol/master
blob
|
commitdiff
|
raw
|
diff to current
2019-07-07
Andrew Petelin
#20 fix: use right quotes in json output
22/head
blob
|
commitdiff
|
raw
|
diff to current
2019-06-24
Alexander Popov
Do code refactoring without changing the functionality
blob
|
commitdiff
|
raw
|
diff to current
2019-06-24
Alexander Popov
Merge branch 'json-support'
blob
|
commitdiff
|
raw
|
diff to current
2019-06-24
Alexander Popov
json: Fix minor things and update the README
blob
|
commitdiff
|
raw
|
diff to current
2019-06-24
Andrew Petelin
add --json option
21/head
blob
|
commitdiff
|
raw
|
diff to current
2019-06-04
Alexander Popov
Drop CONFIG_X86_MSR from the recommendations
blob
|
commitdiff
|
raw
|
diff to current
2019-06-03
Alexander Popov
Add the LDISC_AUTOLOAD check
blob
|
commitdiff
|
raw
|
diff to current
2019-06-03
Alexander Popov
Attribute some of my recommendations to CLIP OS - part II
blob
|
commitdiff
|
raw
|
diff to current
2019-06-03
Alexander Popov
Attribute some of my recommendations to CLIP OS
blob
|
commitdiff
|
raw
|
diff to current
2019-06-03
Alexander Popov
Add my recommendations for AMD (similar to CLIP OS...
blob
|
commitdiff
|
raw
|
diff to current
2019-06-03
Alexander Popov
Add X86-specific CLIP OS recommendations for kernel...
blob
|
commitdiff
|
raw
|
diff to current
2019-06-03
Alexander Popov
Add arch-independent CLIP OS recommendations for kernel...
blob
|
commitdiff
|
raw
|
diff to current
2019-06-03
Alexander Popov
Add more details about STACKLEAK
blob
|
commitdiff
|
raw
|
diff to current
2019-06-03
Alexander Popov
Don't recommend any particular LSM to avoid the holy war
blob
|
commitdiff
|
raw
|
diff to current
2019-06-03
Alexander Popov
Add CLIP OS recommendations for cutting attack surface
blob
|
commitdiff
|
raw
|
diff to current
2019-06-03
Alexander Popov
Improve printing of the results
blob
|
commitdiff
|
raw
|
diff to current
2019-05-27
Alexander Popov
Add more kernel command line parameters to comments
blob
|
commitdiff
|
raw
|
diff to current
2019-03-13
Alexander Popov
Add the comment about kptr_restrict
blob
|
commitdiff
|
raw
|
diff to current
2019-03-13
Alexander Popov
Add ARM64_PTR_AUTH check
blob
|
commitdiff
|
raw
|
diff to current
2019-03-13
Alexander Popov
Add STACKPROTECTOR_PER_TASK check for ARM
blob
|
commitdiff
|
raw
|
diff to current
2019-03-12
Alexander Popov
Don't hide AND check results if the requirements are...
blob
|
commitdiff
|
raw
|
diff to current
2019-03-12
Alexander Popov
Improve the final result output
blob
|
commitdiff
|
raw
|
diff to current
2019-03-12
Alexander Popov
Use the AND check for HARDENED_USERCOPY_FALLBACK
blob
|
commitdiff
|
raw
|
diff to current
2019-03-12
Alexander Popov
Use the AND check for PAGE_POISONING_NO_SANITY and...
blob
|
commitdiff
|
raw
|
diff to current
2019-03-12
Alexander Popov
Implement AND ComplexOptCheck
blob
|
commitdiff
|
raw
|
diff to current
2019-03-12
Alexander Popov
Add a sanity check and do minor refactoring
blob
|
commitdiff
|
raw
|
diff to current
2019-03-12
Alexander Popov
Introduce the ComplexOptCheck superclass
blob
|
commitdiff
|
raw
|
diff to current
2019-03-11
Alexander Popov
Add explicit checks for CONFIG_MODULES and CONFIG_DEVMEM
blob
|
commitdiff
|
raw
|
diff to current
2019-03-11
Alexander Popov
Add missing OR use case
blob
|
commitdiff
|
raw
|
diff to current
2019-03-11
Alexander Popov
Improve the output of OR checks
blob
|
commitdiff
|
raw
|
diff to current
2019-03-04
Alexander Popov
Add the RESET_ATTACK_MITIGATION check according to...
blob
|
commitdiff
|
raw
|
diff to current
2019-03-04
Alexander Popov
Fix false positive about CONFIG_MODULE_SIG_FORCE.
blob
|
commitdiff
|
raw
|
diff to current
2019-01-24
Alexander Popov
Update the README and comments after adding ARM support
blob
|
commitdiff
|
raw
|
diff to current
2019-01-24
Alexander Popov
Add ARM support
blob
|
commitdiff
|
raw
|
diff to current
2019-01-23
Alexander Popov
Go through all the checks in debug mode
blob
|
commitdiff
|
raw
|
diff to current
2019-01-23
Alexander Popov
Add ARM64 support
blob
|
commitdiff
|
raw
|
diff to current
2019-01-22
Alexander Popov
Add X86_32 support
blob
|
commitdiff
|
raw
|
diff to current
2019-01-21
Alexander Popov
Make the script aware of target architecture
blob
|
commitdiff
|
raw
|
diff to current
2019-01-14
Alexander Popov
Merge branch 'decision-cleanup'
blob
|
commitdiff
|
raw
|
diff to current
2019-01-14
Alexander Popov
Change the last 'ubuntu18' checks (about lockdown)
blob
|
commitdiff
|
raw
|
diff to current
2019-01-14
Alexander Popov
Change 'decision' to 'grsecurity' for their additional...
blob
|
commitdiff
|
raw
|
diff to current
2019-01-14
Alexander Popov
Change 'decision' to 'kspp' for non-default options...
blob
|
commitdiff
|
raw
|
diff to current
2019-01-14
Alexander Popov
Change 'decision' to 'defconfig' for hardening features...
blob
|
commitdiff
|
raw
|
diff to current
2018-12-21
Alexander Popov
Add kernel command line options enabling mitigations...
blob
|
commitdiff
|
raw
|
diff to current
2018-12-12
Alexander Popov
Add TODO (hardening preferences for ARM) and update...
blob
|
commitdiff
|
raw
|
diff to current
2018-12-12
Alexander Popov
Check x86 hardening features: X86_SMAP and X86_INTEL_UMIP
blob
|
commitdiff
|
raw
|
diff to current
2018-12-12
Alexander Popov
Add SECURITY_LOADPIN check
blob
|
commitdiff
|
raw
|
diff to current
2018-12-12
Alexander Popov
Add SLAB_MERGE_DEFAULT check
blob
|
commitdiff
|
raw
|
diff to current
2018-12-12
Alexander Popov
Mention net.core.bpf_jit_harden
blob
|
commitdiff
|
raw
|
diff to current
2018-12-12
Alexander Popov
Recommend slub_debug=FZP
blob
|
commitdiff
|
raw
|
diff to current
2018-12-07
Alexander Popov
Mark options connected with CONFIG_LOCK_DOWN_KERNEL...
blob
|
commitdiff
|
raw
|
diff to current
2018-12-07
Alexander Popov
Add CONFIG_LOCK_DOWN_KERNEL
blob
|
commitdiff
|
raw
|
diff to current
2018-07-30
Alexander Popov
Minor fixes for the script output
blob
|
commitdiff
|
raw
|
diff to current
2018-07-30
Alexander Popov
Merge branch 'from-iad42-1'
blob
|
commitdiff
|
raw
|
diff to current
2018-07-30
Anatoly Ivanov
get_option_state function now looks a lot prettier...
blob
|
commitdiff
|
raw
|
diff to current
2018-07-30
Anatoly Ivanov
Made long lines in major output shorter
blob
|
commitdiff
|
raw
|
diff to current
2018-07-30
Alexander Popov
Add DEBUG_RODATA as old alternative to STRICT_KERNEL_RWX
blob
|
commitdiff
|
raw
|
diff to current
2018-07-30
Alexander Popov
Align lines better
blob
|
commitdiff
|
raw
|
diff to current
2018-07-30
Alexander Popov
Add DEBUG_SET_MODULE_RONX as old alternative to STRICT_...
blob
|
commitdiff
|
raw
|
diff to current
2018-07-30
Alexander Popov
Update the function names according to the new meaning
blob
|
commitdiff
|
raw
|
diff to current
2018-07-27
Alexander Popov
Comment out LKDTM
blob
|
commitdiff
|
raw
|
diff to current
2018-07-25
Alexander Popov
Avoid false positive errors if CONFIG_MODULES is not set
blob
|
commitdiff
|
raw
|
diff to current
2018-07-25
Alexander Popov
Support both versions of the STACKPROTECTOR_STRONG...
blob
|
commitdiff
|
raw
|
diff to current
2018-07-24
Alexander Popov
Merge branch 'OR-from-anthraxx'
blob
|
commitdiff
|
raw
|
diff to current
2018-07-24
Alexander Popov
Improve the OR result calculation
blob
|
commitdiff
|
raw
|
diff to current
2018-07-24
Alexander Popov
Adjust the output format
blob
|
commitdiff
|
raw
|
diff to current
2018-07-24
anthraxx
support DEVMEM not set when considering STRICT_DEVMEM...
blob
|
commitdiff
|
raw
|
diff to current
2018-07-24
Alexander Popov
Add the comment describing OR use case
blob
|
commitdiff
|
raw
|
diff to current
2018-07-24
Alexander Popov
OR needs OptCheck.check() return values
blob
|
commitdiff
|
raw
|
diff to current
2018-07-24
anthraxx
support logical OR operations on options
blob
|
commitdiff
|
raw
|
diff to current
2018-07-20
Alexander Popov
Merge branch 'from-hackurx-1'
blob
|
commitdiff
|
raw
|
diff to current
2018-07-20
Loïc
Add Grsecurity recommendation on BINFMT_AOUT
blob
|
commitdiff
|
raw
|
diff to current
2018-07-20
Alexander Popov
Merge branch 'arch-changes-from-anthraxx'
blob
|
commitdiff
|
raw
|
diff to current
2018-07-20
Alexander Popov
Count errors in the end
blob
|
commitdiff
|
raw
|
diff to current
2018-07-20
Alexander Popov
Rename 'opt_list' as well
blob
|
commitdiff
|
raw
|
diff to current
2018-07-20
anthraxx
rename Opt to better matching OptCheck
blob
|
commitdiff
|
raw
|
diff to current
2018-07-20
Alexander Popov
Don't return the result from Opt.check(), we don't...
blob
|
commitdiff
|
raw
|
diff to current
2018-07-20
anthraxx
store option check result as class member
blob
|
commitdiff
|
raw
|
diff to current
2018-07-20
Alexander Popov
Please forgive me, I fear lambdas :\
blob
|
commitdiff
|
raw
|
diff to current
2018-07-20
Alexander Popov
Debug mode output should be printed before the final...
blob
|
commitdiff
|
raw
|
diff to current
2018-07-20
Alexander Popov
Fix the output: ERROR, not BUG
blob
|
commitdiff
|
raw
|
diff to current
2018-07-20
Alexander Popov
Rename check_state() according the new meaning
blob
|
commitdiff
|
raw
|
diff to current
2018-07-20
Alexander Popov
Fix the check against multiple options in config file
blob
|
commitdiff
|
raw
|
diff to current
2018-07-20
Alexander Popov
Use None as state of the options which are not found
blob
|
commitdiff
|
raw
|
diff to current
2018-07-20
Alexander Popov
Drop assertions which are now useless
blob
|
commitdiff
|
raw
|
diff to current
2018-07-20
anthraxx
improve architecture in preparation for new features
blob
|
commitdiff
|
raw
|
diff to current
2018-07-13
Alexander Popov
ArgumentParser: drop unneeded default=False for args...
blob
|
commitdiff
|
raw
|
diff to current
2018-07-13
Alexander Popov
ArgumentParser: Improve description
blob
|
commitdiff
|
raw
|
diff to current
2018-07-13
anthraxx
argparse: using python module instead of manual getopt
blob
|
commitdiff
|
raw
|
diff to current
2018-07-05
Alexander Popov
Consider 'not found' as an equivalent of 'is not set'
blob
|
commitdiff
|
raw
|
diff to current
2018-07-05
Alexander Popov
Add rules for options disabled by grsecurity
blob
|
commitdiff
|
raw
|
diff to current
2018-07-04
Alexander Popov
Move some features to 'cut_attack_surface' category
blob
|
commitdiff
|
raw
|
diff to current
2018-07-04
Alexander Popov
More decisions on kernel options
blob
|
commitdiff
|
raw
|
diff to current
2018-06-20
Alexander Popov
Disable buggy IP_SCTP to cut attack surface
blob
|
commitdiff
|
raw
|
diff to current
2018-06-20
Alexander Popov
Disable only CONFIG_USER_NS, not whole CONFIG_NAMESPACES
blob
|
commitdiff
|
raw
|
diff to current
2018-06-20
Alexander Popov
Add kconfig-hardened-check.py
blob
|
commitdiff
|
raw
|
diff to current
projects / kconfig-hardened-check.git / history