* Kees Cook wrote:
> On Thu, Feb 16, 2017 at 2:25 PM, Pavel Machek wrote:
> > Hi!
> >
> >>
> >> -config DEBUG_RODATA
> >> +config STRICT_KERNEL_RWX
> >> bool "Make kernel text and rodata read-only" if
> >> ARCH_OPTIONAL_KERNEL_RWX
> >> depends on ARCH_HAS_STRICT_KERNEL_RWX
> >>
On Thu, Feb 16, 2017 at 05:08:20PM -0800, Kees Cook wrote:
> On Thu, Feb 16, 2017 at 2:25 PM, Pavel Machek wrote:
> > Hi!
> >
> >>
> >> -config DEBUG_RODATA
> >> +config STRICT_KERNEL_RWX
> >> bool "Make kernel text and rodata read-only" if
> >> ARCH_OPTIONAL_KERNEL_RWX
> >> depends o
On 17.02.2017 02:08, Kees Cook wrote:
> On Thu, Feb 16, 2017 at 2:25 PM, Pavel Machek wrote:
>> Hi!
>>
>>>
>>> -config DEBUG_RODATA
>>> +config STRICT_KERNEL_RWX
>>> bool "Make kernel text and rodata read-only" if
>>> ARCH_OPTIONAL_KERNEL_RWX
>>> depends on ARCH_HAS_STRICT_KERNEL_RWX
On Thu, Feb 16, 2017 at 2:25 PM, Pavel Machek wrote:
> Hi!
>
>>
>> -config DEBUG_RODATA
>> +config STRICT_KERNEL_RWX
>> bool "Make kernel text and rodata read-only" if
>> ARCH_OPTIONAL_KERNEL_RWX
>> depends on ARCH_HAS_STRICT_KERNEL_RWX
>> default !ARCH_OPTIONAL_KERNEL_RWX ||
>
Hi!
>
> -config DEBUG_RODATA
> +config STRICT_KERNEL_RWX
> bool "Make kernel text and rodata read-only" if ARCH_OPTIONAL_KERNEL_RWX
> depends on ARCH_HAS_STRICT_KERNEL_RWX
> default !ARCH_OPTIONAL_KERNEL_RWX ||
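Review bot: the rename at "-config DEBUG_RODATA" / "+config STRICT_KERNEL_RWX" removes the old symbol outright as quoted here, and Kconfig does not migrate values between symbol names, so an existing .config with CONFIG_DEBUG_RODATA=y will not carry its setting over. Where ARCH_OPTIONAL_KERNEL_RWX is set the prompt is visible, and the result then depends on the "default" expression, which is cut off in this quote. It would help to say in the changelog that such configs need to be re-checked after oldconfig, and to make sure any defconfig that still names the old symbol is updated in the same series, since a silently dropped setting here means writable kernel text and rodata.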
Debug features are expected to have runtime cost, so kconfig help
Both of these options are poorly named. The features they provide are
necessary for system security and should not be considered debug only.
Change the names to CONFIG_STRICT_KERNEL_RWX and
CONFIG_STRICT_MODULE_RWX to better describe what these options do.
Signed-off-by: Laura Abbott
---
v3: Mino