FS#54788 - [linux] Enable KASLR by default

Attached to Project: Arch Linux
Opened by AnAkkk (AnAkkk) - Thursday, 13 July 2017, 08:56 GMT
Last edited by Jan Alexander Steffens (heftig) - Thursday, 13 July 2017, 19:56 GMT
Task Type Feature Request
Category Packages: Testing
Status Closed
Assigned To Tobias Powalowski (tpowa), Jan Alexander Steffens (heftig)
Architecture All
Severity Medium
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 2
Private No

Details

KASLR has been enabled by default with the release of Linux 4.12, but it is still disabled in Arch config files. It was already enabled by default in many other distributions and it would be good to enable it for better security.

See [1] for the commit that enables it and [2] for the blog post from Kees Cook about security changes in Linux 4.12.

1) https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6807c84652b0b7e2e198e50a9ad47ef41b236e59
2) https://outflux.net/blog/archives/2017/07/10/security-things-in-linux-v4-12/
Closed by Jan Alexander Steffens (heftig)
Thursday, 13 July 2017, 19:56 GMT
Reason for closing: Implemented
Additional comments about closing: 4.12.1-2

Comment by loqs (loqs) - Thursday, 13 July 2017, 17:22 GMT
Does thestinger think it is worthwhile to enable it with both dmesg_restrict and kptr_restrict off? https://lwn.net/Articles/569635/
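
The following check is an added example, not part of the original task or its comments: it reports whether KASLR is built in (`CONFIG_RANDOMIZE_BASE`), whether it was switched off at boot with `nokaslr`, and whether the two sysctls named in the comment above are set. The function names and verdict strings are hypothetical, and the config and command line used at the end are constructed samples.

```shell
#!/bin/sh
# Added example; verdict strings and function names are hypothetical.

# Succeeds if the kernel config text on stdin builds in KASLR.
kaslr_config_enabled() {
    grep -q '^CONFIG_RANDOMIZE_BASE=y$'
}

# Succeeds if the boot command line ($1) carries the nokaslr switch.
kaslr_cmdline_disabled() {
    case " $1 " in
        *" nokaslr "*) return 0 ;;
        *) return 1 ;;
    esac
}

# kaslr_verdict CONFIG_TEXT CMDLINE KPTR_RESTRICT DMESG_RESTRICT
kaslr_verdict() {
    if ! printf '%s\n' "$1" | kaslr_config_enabled; then
        echo "kaslr-not-built"; return
    fi
    if kaslr_cmdline_disabled "$2"; then
        echo "kaslr-disabled-at-boot"; return
    fi
    # KASLR is active; report whether both address-leak sysctls are non-zero.
    if [ "$3" -ge 1 ] && [ "$4" -ge 1 ]; then
        echo "kaslr-on-leaks-restricted"
    else
        echo "kaslr-on-leaks-open"
    fi
}

# Live check; assumes /proc/config.gz is available (CONFIG_IKCONFIG_PROC).
kaslr_audit_live() {
    cfg=$(zcat /proc/config.gz 2>/dev/null) || cfg=""
    [ -n "$cfg" ] || { echo "config-unavailable"; return; }
    kaslr_verdict "$cfg" "$(cat /proc/cmdline)" \
        "$(cat /proc/sys/kernel/kptr_restrict)" \
        "$(cat /proc/sys/kernel/dmesg_restrict)"
}

# Constructed sample: KASLR built in, both sysctls left at 0.
SAMPLE_CONFIG='CONFIG_RELOCATABLE=y
CONFIG_RANDOMIZE_BASE=y'
kaslr_verdict "$SAMPLE_CONFIG" "root=/dev/sda2 rw quiet" 0 0
```

On a running system, call `kaslr_audit_live` instead of the sample invocation.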