[OpenWrt-Devel] [PATCH 00/10] kernel: Kernel Self Protection Project/Recommended Settings

Fri May 3 16:51:57 EDT 2019

This activates and deactivates some of the options suggested on the 
Kernel Self Protection Project/Recommended Settings wiki page
https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project/Recommended_Settings

Hauke Mehrtens (10):
  Kernel: Activate CONFIG_HARDENED_USERCOPY
  kernel: Activate CONFIG_ARM64_SW_TTBR0_PAN
  kernel: Remove CONFIG_DEBUG_RODATA and CONFIG_DEBUG_SET_MODULE_RONX
  kernel: Remove CONFIG_COMPAT
  kernel: Activate CONFIG_SYN_COOKIES for all targets
  kernel: Do not set CONFIG_DEVMEM or CONFIG_DEVKMEM
  kernel: Deactivate CONFIG_BINFMT_MISC
  x86: Activate CONFIG_X86_SMAP
  cns3xxx: Activate CONFIG_CPU_SW_DOMAIN_PAN
  gemini: Make kernel text and rodata read-only

 target/linux/armvirt/64/config-default        | 11 -----------
 target/linux/at91/config-4.9                  |  1 -
 target/linux/brcm2708/bcm2710/config-4.14     |  2 --
 target/linux/cns3xxx/config-4.14              |  1 -
 target/linux/cns3xxx/config-4.19              |  1 -
 target/linux/gemini/config-4.14               |  4 ----
 target/linux/gemini/config-4.19               |  4 ----
 target/linux/generic/config-4.14              |  7 ++++---
 target/linux/generic/config-4.19              |  8 +++++---
 target/linux/generic/config-4.9               |  4 +++-
 target/linux/layerscape/armv7/config-4.14     |  3 ---
 target/linux/layerscape/armv8_32b/config-4.14 |  3 ---
 target/linux/layerscape/armv8_64b/config-4.14 | 16 ----------------
 target/linux/malta/be64/config-default        |  6 ------
 target/linux/malta/le64/config-default        |  6 ------
 target/linux/mediatek/mt7622/config-4.14      | 12 ------------
 target/linux/mvebu/cortexa53/config-default   |  2 --
 target/linux/mvebu/cortexa72/config-default   |  2 --
 target/linux/octeon/config-4.14               |  6 ------
 target/linux/octeon/config-4.19               |  7 -------
 target/linux/octeontx/config-4.14             | 12 ------------
 target/linux/omap/config-4.14                 |  1 -
 target/linux/samsung/s5pv210/config-4.14      |  1 -
 target/linux/sunxi/config-4.14                |  1 -
 target/linux/sunxi/config-4.19                |  1 -
 target/linux/sunxi/cortexa53/config-4.14      |  2 --
 target/linux/sunxi/cortexa53/config-4.19      |  2 --
 target/linux/uml/config/x86_64                |  1 -
 target/linux/x86/config-4.14                  |  3 +--
 target/linux/x86/config-4.19                  |  3 +--
 target/linux/zynq/config-4.14                 |  1 -
 31 files changed, 14 insertions(+), 120 deletions(-)

-- 
2.20.1


_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel