Source: linux Version: 5.18.14-1 Severity: wishlist User: tails-...@boum.org Usertags: hardening
Hi! Please consider setting CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT=y (5.13 or newer). This enables a security feature with low performance overhead. Original pull request: https://lkml.iu.edu/hypermail/linux/kernel/2104.3/01302.html Ubuntu 22.04 LTS has this setting enabled by default. KSPP recommends enabling it: https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project/Recommended_Settings Thanks for your attention, cheers! -- intrigeri