From aa34d86598f5b846b007730104e4c99c59f9984d Mon Sep 17 00:00:00 2001
From: Raja Grewal <rg_public@proton.me>
Date: Mon, 5 Aug 2024 14:27:17 +1000
Subject: [PATCH] Enable `slab_debug=FZ`

---
 README.md                                  | 4 ++--
 etc/default/grub.d/40_kernel_hardening.cfg | 4 +---
 2 files changed, 3 insertions(+), 5 deletions(-)

diff --git a/README.md b/README.md
index a187056..3ac2ab4 100644
--- a/README.md
+++ b/README.md
@@ -121,8 +121,8 @@ configuration file.
 - Disable merging of slabs with similar size, which reduces the risk of
   triggering heap overflows and limits influencing slab cache layout.
 
-- Provide the option to enable sanity checks and red zoning via slab debugging.
-  Enabling this feature will implicitly disable kernel pointer hashing.
+- Enable sanity checks and red zoning via slab debugging. This will implicitly
+  disable kernel pointer hashing, leaking very sensitive information to root.
 
 - Enable memory zeroing at both allocation and free time, which mitigates some
   use-after-free vulnerabilities by erasing sensitive information in memory.
diff --git a/etc/default/grub.d/40_kernel_hardening.cfg b/etc/default/grub.d/40_kernel_hardening.cfg
index fab54cf..44cfbd9 100644
--- a/etc/default/grub.d/40_kernel_hardening.cfg
+++ b/etc/default/grub.d/40_kernel_hardening.cfg
@@ -37,11 +37,9 @@ GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX slab_nomerge"
 ## https://www.kernel.org/doc/html/latest/mm/slub.html
 ## https://lore.kernel.org/all/20210601182202.3011020-5-swboyd@chromium.org/T/#u
 ## https://gitlab.tails.boum.org/tails/tails/-/issues/19613
-##
-## The default kernel setting will be utilized until provided sufficient evidence to modify.
 ## https://github.com/Kicksecure/security-misc/issues/253
 ##
-#GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX slab_debug=FZ"
+GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX slab_debug=FZ"
 
 ## Zero memory at allocation time and free time.
 ## Fills newly allocated pages, freed pages, and heap objects with zeros.