alioth/nixpkgs
3
0
Fork 0
forked from mirrors/nixpkgs
Code Releases Activity

linux_hardened: enable structleak plugin

Browse source 
A port of the PaX structleak plugin.  Note that this version of structleak
seems to cover less ground than the PaX original (only marked structs are
zeroed). [1]

[1]: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c61f13eaa1ee17728c41370100d2d45c254ce76f
This commit is contained in:
Joachim Fasting 2017-05-06 18:57:11 +02:00
parent 1816e2b960
commit 996b65cfba
No known key found for this signature in database
GPG key ID: 7544761007FE4E08
1 changed files with 4 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
pkgs/os-specific/linux/kernel/hardened-config.nix
View file

@ -15,6 +15,10 @@ assert (versionAtLeast version "4.9");
''
GCC_PLUGINS y # Enable gcc plugin options
${optionalString (versionAtLeast version "4.11") ''
GCC_PLUGIN_STRUCTLEAK y # A port of the PaX structleak plugin
''}
DEBUG_WX y # A one-time check for W+X mappings at boot; doesn't do anything beyond printing a warning
${optionalString (versionAtLeast version "4.10") ''