projects
/
kconfig-hardened-check.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (parent:
e2c996e
)
Fix the order in the vdso32 check
author
Alexander Popov
<alex.popov@linux.com>
Sat, 30 Dec 2023 20:41:01 +0000
(23:41 +0300)
committer
Alexander Popov
<alex.popov@linux.com>
Sat, 30 Dec 2023 20:41:01 +0000
(23:41 +0300)
kernel_hardening_checker/checks.py
patch
|
blob
|
history
diff --git
a/kernel_hardening_checker/checks.py
b/kernel_hardening_checker/checks.py
index 1c05b43f37375b77f661f387b888bf17356b2808..50dea2bf27b1c2faf693287978c94bded93c4832 100644
(file)
--- a/
kernel_hardening_checker/checks.py
+++ b/
kernel_hardening_checker/checks.py
@@
-544,14
+544,14
@@
def add_cmdline_checks(l, arch):
KconfigCheck('cut_attack_surface', 'kspp', 'X86_VSYSCALL_EMULATION', 'is not set'),
AND(KconfigCheck('cut_attack_surface', 'kspp', 'LEGACY_VSYSCALL_NONE', 'y'),
CmdlineCheck('cut_attack_surface', 'kspp', 'vsyscall', 'is not set')))]
KconfigCheck('cut_attack_surface', 'kspp', 'X86_VSYSCALL_EMULATION', 'is not set'),
AND(KconfigCheck('cut_attack_surface', 'kspp', 'LEGACY_VSYSCALL_NONE', 'y'),
CmdlineCheck('cut_attack_surface', 'kspp', 'vsyscall', 'is not set')))]
- l += [OR(CmdlineCheck('cut_attack_surface', '
my', 'vdso32', '1
'),
- CmdlineCheck('cut_attack_surface', '
kspp', 'vdso32', '0
'),
+ l += [OR(CmdlineCheck('cut_attack_surface', '
kspp', 'vdso32', '0
'),
+ CmdlineCheck('cut_attack_surface', '
my', 'vdso32', '1
'),
AND(KconfigCheck('cut_attack_surface', 'kspp', 'COMPAT_VDSO', 'is not set'),
CmdlineCheck('cut_attack_surface', 'my', 'vdso32', 'is not set')))] # the vdso32 parameter must not be 2
if arch == 'X86_32':
AND(KconfigCheck('cut_attack_surface', 'kspp', 'COMPAT_VDSO', 'is not set'),
CmdlineCheck('cut_attack_surface', 'my', 'vdso32', 'is not set')))] # the vdso32 parameter must not be 2
if arch == 'X86_32':
- l += [OR(CmdlineCheck('cut_attack_surface', '
my', 'vdso32', '1
'),
- CmdlineCheck('cut_attack_surface', 'my', 'vdso', '
1
'),
- CmdlineCheck('cut_attack_surface', '
kspp', 'vdso32', '0
'),
+ l += [OR(CmdlineCheck('cut_attack_surface', '
kspp', 'vdso32', '0
'),
+ CmdlineCheck('cut_attack_surface', 'my', 'vdso', '
0
'),
+ CmdlineCheck('cut_attack_surface', '
my', 'vdso32', '1
'),
CmdlineCheck('cut_attack_surface', 'my', 'vdso', '0'),
AND(KconfigCheck('cut_attack_surface', 'kspp', 'COMPAT_VDSO', 'is not set'),
CmdlineCheck('cut_attack_surface', 'my', 'vdso32', 'is not set'),
CmdlineCheck('cut_attack_surface', 'my', 'vdso', '0'),
AND(KconfigCheck('cut_attack_surface', 'kspp', 'COMPAT_VDSO', 'is not set'),
CmdlineCheck('cut_attack_surface', 'my', 'vdso32', 'is not set'),