From 3e131174d5919303462295cb0852a9254885ae7c Mon Sep 17 00:00:00 2001
From: Patrick Schleizer
Date: Mon, 23 Dec 2019 05:00:35 -0500
Subject: [PATCH] comments
---
 etc/default/grub.d/40_kernel_hardening.cfg | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/etc/default/grub.d/40_kernel_hardening.cfg b/etc/default/grub.d/40_kernel_hardening.cfg
index d88ba7f..47fd62f 100644
--- a/etc/default/grub.d/40_kernel_hardening.cfg
+++ b/etc/default/grub.d/40_kernel_hardening.cfg
@@ -2,6 +2,7 @@
 ## See the file COPYING for copying conditions.
 kver="$(uname -r)"
+#echo "## kver: $kver"
 ## Disables the merging of slabs of similar sizes.
 ## Sometimes a slab can be used in a vulnerable way which an attacker can exploit.
@@ -11,9 +12,11 @@ GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX slab_nomerge"
 GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX slub_debug=FZ"
 ## Zero memory at allocation and free time.
-if dpkg --compare-versions "${kver}" ge "5.3"; then
+if dpkg --compare-versions "$kver" ge "5.3"; then
+ #echo "## $kver grater or equal 5.3: yes"
 GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX init_on_alloc=1 init_on_free=1"
 else
+ #echo "## $kver grater or equal 5.3: no"
 ## SLUB poisoning and page poisoning is used if the kernel
 ## does not yet support init_on_{,alloc,free}.
 GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX slub_debug=P"
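Review bot: The version test `if dpkg --compare-versions "$kver" ge "5.3"; then` in the second hunk depends on `kver="$(uname -r)"` from the first hunk, which is the kernel running when the GRUB configuration is generated, not necessarily the kernel that will be booted. With several kernels installed, or when the configuration is generated in a chroot or image build, a pre-5.3 kernel can be handed only `init_on_alloc=1 init_on_free=1`, which it presumably does not recognise, so it would boot with neither zeroing nor poisoning. At minimum, document the limitation next to the assignment, e.g. `## NOTE: kver is the running kernel, which may differ from the kernel that is booted.` The two commented-out debug lines in the second hunk also misspell "greater" as "grater".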