FS#71296 - [linux] Enable CONFIG_DEBUG_LIST
Attached to Project:
Arch Linux
Opened by LucaS (luca020400) - Saturday, 19 June 2021, 12:35 GMT
Last edited by Jan Alexander Steffens (heftig) - Sunday, 20 June 2021, 19:20 GMT
Details
Description: Enable CONFIG_DEBUG_LIST in defconfig
This flag, even if under the DEBUG namespace, is known to prevent known vulnerabilities in the kernel. Linked lists are heavily used in kernel-land and have been exploited in the wild, especially on Android devices.

As of Android 12 (kernel v5.4, v5.10, mainline) this config is enforced for all new shipping devices. Quite a few CVEs could've been simply avoided by turning this option on (see lore [0] & P0 [1] for a few examples).

A rename of the flag has been proposed (RFC) in the kernel-hardening mailing list [0], but it's still under review.

[0] https://lore.kernel.org/kernel-hardening/20200324153643.15527-1-will@kernel.org/
[1] https://googleprojectzero.blogspot.com/2019/11/bad-binder-android-in-wild-exploit.html

Additional info:
* package version(s): linux (any)

Steps to reproduce:

    zgrep CONFIG_DEBUG_LIST /proc/config.gz
    # CONFIG_DEBUG_LIST is not set
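The kind of integrity check this option adds to list operations, as an added userspace example that is not part of the original report and not kernel code. The checks are modelled on the kernel's `__list_add_valid()` and `__list_del_entry_valid()`; the `POISON1`/`POISON2` values, the `*_checked` helpers and the `demo()` scenario are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>

struct list_head { struct list_head *next, *prev; };

/* Constructed poison values standing in for LIST_POISON1/LIST_POISON2. */
#define POISON1 ((struct list_head *)0x100)
#define POISON2 ((struct list_head *)0x122)

static void list_init(struct list_head *h) { h->next = h->prev = h; }

/* Insert check: both neighbours must still point at each other. */
static bool add_valid(struct list_head *new, struct list_head *prev,
                      struct list_head *next)
{
    return next->prev == prev && prev->next == next &&
           new != prev && new != next;
}

/* Delete check: reject poisoned (already deleted) or inconsistent entries. */
static bool del_valid(struct list_head *e)
{
    if (e->next == POISON1 || e->prev == POISON2)
        return false;               /* checked first, poison is never dereferenced */
    return e->prev->next == e && e->next->prev == e;
}

static bool list_add_checked(struct list_head *new, struct list_head *head)
{
    struct list_head *next = head->next;
    if (!add_valid(new, head, next)) return false;   /* refuse to write */
    next->prev = new; new->next = next; new->prev = head; head->next = new;
    return true;
}

static bool list_del_checked(struct list_head *e)
{
    if (!del_valid(e)) return false;                 /* refuse to unlink */
    e->next->prev = e->prev; e->prev->next = e->next;
    e->next = POISON1; e->prev = POISON2;            /* mark as deleted */
    return true;
}

/* Constructed scenario: returns how many corrupt operations were refused. */
int demo(void)
{
    struct list_head head, a, b, rogue;
    int caught = 0;
    list_init(&head); list_init(&rogue);
    list_add_checked(&a, &head); list_add_checked(&b, &head);
    if (!list_del_checked(&a)) return -1;  /* legitimate delete succeeds */
    if (!list_del_checked(&a)) caught++;   /* double delete hits the poison check */
    b.next = &rogue;                       /* simulate an overwritten pointer */
    if (!list_del_checked(&b)) caught++;   /* rogue.prev != &b, unlink refused */
    return caught;
}

int main(void) { return demo() == 2 ? 0 : 1; }
```

Without the two `*_valid` checks, the second delete and the delete through the overwritten pointer would each write through pointers the list no longer owns.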
Closed by Jan Alexander Steffens (heftig)
Sunday, 20 June 2021, 19:20 GMT
Reason for closing: Implemented
Additional comments about closing: Enabled in trunk, pending next release.