Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-12-24 10:10:55 -05:00
Code Issues Projects Releases Packages Wiki Activity

enable randomize_kstack_offset

Browse source
This commit is contained in:
Raja Grewal 2022-07-13 04:34:35 +10:00
parent f572332108
commit 74858d257b
No known key found for this signature in database
GPG key ID: E34A5801947020A5
1 changed files with 4 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

4
etc/default/grub.d/40_kernel_hardening.cfg
View file

@ -29,6 +29,10 @@ GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX vsyscall=none"
## Enables page allocator freelist randomization.
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX page_alloc.shuffle=1"
## Enables randomisation of the kernel stack offset on syscall entries (introduced in kernel 5.13).
## https://lkml.org/lkml/2019/3/18/246
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX randomize_kstack_offset=on"
## Enables kernel lockdown.
##
## Disabled for now as it enforces module signature verification which breaks