Bug#1016056: src:linux: Please enable CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT=y

intrigeri Tue, 26 Jul 2022 01:30:19 -0700

Source: linux
Version: 5.18.14-1
Severity: wishlist
User: tails-...@boum.org
Usertags: hardening


Hi!

Please consider setting CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT=y
(5.13 or newer).

This enables a security feature with low performance overhead.

Original pull request:
https://lkml.iu.edu/hypermail/linux/kernel/2104.3/01302.html

Ubuntu 22.04 LTS has this setting enabled by default.

KSPP recommends enabling it:
https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project/Recommended_Settings

Thanks for your attention,
cheers!
-- 
intrigeri

Bug#1016056: src:linux: Please enable CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT=y

Reply via email to