Source: linux
Version: 4.8.15-1
Severity: wishlist
User: tails-...@boum.org
Usertags: kernel-self-protection

Hi,

in Tails we would like to try enabling page_poison=1 on the kernel command-line, as recommended by the KSPP:

  http://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project

This requires CONFIG_PAGE_POISONING=y. If I got it right, this doesn't affect systems unless this feature is also enabled on the kernel command-line.

Any reason not to enable CONFIG_PAGE_POISONING in the Debian kernel?

https://outflux.net/blog/archives/2016/09/30/security-things-in-linux-v4-6/ also seems to have useful information about this.

Cheers,
-- 
intrigeri
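
Added example, not part of the original report: a shell check for the two conditions the report describes, namely that the kernel was built with CONFIG_PAGE_POISONING=y and that page_poison=1 is on the command line. The function name page_poison_state and its three result strings are hypothetical, and only the literal page_poison=1 token used in the report is treated as enabling the feature.

```shell
#!/bin/sh
# page_poison_state CONFIG_FILE CMDLINE_STRING   (hypothetical helper)
# Prints one of:
#   not-built  CONFIG_PAGE_POISONING=y is missing from the kernel config
#   inactive   built in, but page_poison=1 is not on the command line
#   active     built in and page_poison=1 is on the command line
page_poison_state() {
    config_file=$1
    cmdline=$2

    # Kernel config files hold "CONFIG_FOO=y" lines; a disabled option is
    # written "# CONFIG_FOO is not set", which this anchored match skips.
    if ! grep -q '^CONFIG_PAGE_POISONING=y$' "$config_file"; then
        echo not-built
        return 0
    fi

    # Pad with spaces and match the whole token, so "page_poison=10" or
    # "nopage_poison=1" are not mistaken for the parameter.
    case " $cmdline " in
        *" page_poison=1 "*) echo active ;;
        *)                   echo inactive ;;
    esac
}

# On a running system (assumed paths, the usual Debian locations):
#   page_poison_state "/boot/config-$(uname -r)" "$(cat /proc/cmdline)"
```

"inactive" is the state the report asks about: the option is compiled in, and nothing changes until the command-line parameter is added.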