diff options
Diffstat (limited to 'kernel/configs/hardening.config')
| -rw-r--r-- | kernel/configs/hardening.config | 18 |
1 files changed, 9 insertions, 9 deletions
diff --git a/kernel/configs/hardening.config b/kernel/configs/hardening.config index 95a400f042..4b4cfcba31 100644 --- a/kernel/configs/hardening.config +++ b/kernel/configs/hardening.config @@ -39,12 +39,15 @@ CONFIG_UBSAN=y CONFIG_UBSAN_TRAP=y CONFIG_UBSAN_BOUNDS=y # CONFIG_UBSAN_SHIFT is not set -# CONFIG_UBSAN_DIV_ZERO -# CONFIG_UBSAN_UNREACHABLE -# CONFIG_UBSAN_BOOL -# CONFIG_UBSAN_ENUM -# CONFIG_UBSAN_ALIGNMENT -CONFIG_UBSAN_SANITIZE_ALL=y +# CONFIG_UBSAN_DIV_ZERO is not set +# CONFIG_UBSAN_UNREACHABLE is not set +# CONFIG_UBSAN_SIGNED_WRAP is not set +# CONFIG_UBSAN_BOOL is not set +# CONFIG_UBSAN_ENUM is not set +# CONFIG_UBSAN_ALIGNMENT is not set + +# Sampling-based heap out-of-bounds and use-after-free detection. +CONFIG_KFENCE=y # Linked list integrity checking. CONFIG_LIST_HARDENED=y @@ -93,6 +96,3 @@ CONFIG_SYN_COOKIES=y # Attack surface reduction: Use the modern PTY interface (devpts) only. # CONFIG_LEGACY_PTYS is not set - -# Attack surface reduction: Use only modesetting video drivers. -# CONFIG_DRM_LEGACY is not set |