On Wed, Jan 24, 2018 at 10:05 AM, Borislav Petkov <b...@alien8.de> wrote: > On Tue, Jan 23, 2018 at 11:55:05PM +0100, Jiri Kosina wrote: >> I think we should start recording CFLAGS the kernel has been compiled with >> anyway; doesn't hurt and might come handy when debugging. >> >> /proc/version is probably not the best place ... /proc/cflags? > > Yap, I guess I can find that string with hexdump on the kernel binary too :-)
I've wanted this for a while (especially for the coming detected support for stack protector). Having more than just the clfags is, I think, important. We'd likely want to record the entire environment (compiler version, linker version, flags on both, etc). -Kees -- Kees Cook Pixel Security
