FS#54788 - [linux] Enable KALSR by default
Attached to Project:
Arch Linux
Opened by AnAkkk (AnAkkk) - Thursday, 13 July 2017, 08:56 GMT
Last edited by Jan Alexander Steffens (heftig) - Thursday, 13 July 2017, 19:56 GMT
Opened by AnAkkk (AnAkkk) - Thursday, 13 July 2017, 08:56 GMT
Last edited by Jan Alexander Steffens (heftig) - Thursday, 13 July 2017, 19:56 GMT
|
Details
KALSR has been enabled by default with the release of Linux
4.12, but it is still disabled in Arch config files. It was
already enabled by default in many other distributions and
it would be good to enable it for better security.
See [1] for the commit that enables it and [2] for the blog post from Kees Cook about security changes in linux 4.12. 1) https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6807c84652b0b7e2e198e50a9ad47ef41b236e59 2) https://outflux.net/blog/archives/2017/07/10/security-things-in-linux-v4-12/ |
This task depends upon
Closed by Jan Alexander Steffens (heftig)
Thursday, 13 July 2017, 19:56 GMT
Reason for closing: Implemented
Additional comments about closing: 4.12.1-2
Thursday, 13 July 2017, 19:56 GMT
Reason for closing: Implemented
Additional comments about closing: 4.12.1-2
Comment by loqs (loqs) - Thursday,
13 July 2017, 17:22 GMT
Does thestinger think it is worthwhile to enable it with both
dmesg_restrict and kptr_restrict off?
https://lwn.net/Articles/569635/