Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
fortify: Move FORTIFY_SOURCE under 'Kernel hardening options'
FORTIFY_SOURCE is a hardening option both at build and runtime. Move
it under 'Kernel hardening options'.
Signed-off-by: Mel Gorman <mgorman@techsingularity.net>
Acked-by: Paul Moore <paul@paul-moore.com>
Link: https://lore.kernel.org/r/20250123221115.19722-5-mgorman@techsingularity.net
Signed-off-by: Kees Cook <kees@kernel.org>
authored by
Mel Gorman
and committed by
Kees Cook
ca758b14
496d2d23
+9
-9
-9
security/Kconfig
-9
security/Kconfig
···
164
164
this low address space will need the permission specific to the
165
165
systems running LSM.
166
166
167
-
config FORTIFY_SOURCE
168
-
bool "Harden common str/mem functions against buffer overflows"
169
-
depends on ARCH_HAS_FORTIFY_SOURCE
170
-
# https://github.com/llvm/llvm-project/issues/53645
171
-
depends on !CC_IS_CLANG || !X86_32
172
-
help
173
-
Detect overflows of buffers in common string and memory functions
174
-
where the compiler can determine and validate the buffer sizes.
175
-
176
167
config STATIC_USERMODEHELPER
177
168
bool "Force all usermode helper calls through a single binary"
178
169
help
+9
security/Kconfig.hardening
+9
security/Kconfig.hardening
···
282
282
283
283
menu "Bounds checking"
284
284
285
+
config FORTIFY_SOURCE
286
+
bool "Harden common str/mem functions against buffer overflows"
287
+
depends on ARCH_HAS_FORTIFY_SOURCE
288
+
# https://github.com/llvm/llvm-project/issues/53645
289
+
depends on !CC_IS_CLANG || !X86_32
290
+
help
291
+
Detect overflows of buffers in common string and memory functions
292
+
where the compiler can determine and validate the buffer sizes.
293
+
285
294
config HARDENED_USERCOPY
286
295
bool "Harden memory copies between kernel and userspace"
287
296
imply STRICT_DEVMEM