From: Peter Müller
To: development@lists.ipfire.org
Subject: [PATCH] linux: Give CONFIG_RANDOMIZE_BASE on aarch64 another try
Date: Mon, 11 Jul 2022 15:07:22 +0000
Message-ID: <194d274f-ff76-888f-5e47-25ab4d4fb163@ipfire.org>

Quoted from https://capsule8.com/blog/kernel-configuration-glossary/:

> Significance: Critical
>
> In support of Kernel Address Space Layout Randomization (KASLR) this randomizes
> the physical address at which the kernel image is decompressed and the virtual
> address where the kernel image is mapped as a security feature that deters
> exploit attempts relying on knowledge of the location of kernel code internals.

We tried to enable this back in 2020, and failed. Since then, things may have been improved, so let's give this low-hanging fruit another try.

Fixes: #12363
Signed-off-by: Peter Müller
---
 config/kernel/kernel.config.aarch64-ipfire | 2 +-
 config/rootfiles/common/aarch64/linux | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/config/kernel/kernel.config.aarch64-ipfire b/config/kernel/kerne= l.config.aarch64-ipfire index 469884b20..9232335ff 100644 --- a/config/kernel/kernel.config.aarch64-ipfire +++ b/config/kernel/kernel.config.aarch64-ipfire @@ -471,7 +471,7 @@ CONFIG_ARM64_SVE=3Dy CONFIG_ARM64_MODULE_PLTS=3Dy # CONFIG_ARM64_PSEUDO_NMI is not set CONFIG_RELOCATABLE=3Dy -# CONFIG_RANDOMIZE_BASE is not set +CONFIG_RANDOMIZE_BASE=3Dy CONFIG_CC_HAVE_STACKPROTECTOR_SYSREG=3Dy CONFIG_STACKPROTECTOR_PER_TASK=3Dy # end of Kernel Features diff --git a/config/rootfiles/common/aarch64/linux b/config/rootfiles/common/= aarch64/linux index 906fde0c3..af96753fc 100644 --- a/config/rootfiles/common/aarch64/linux 
+++ b/config/rootfiles/common/aarch64/linux @@ -9427,6 +9427,7 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/config/RAID6_PQ #lib/modules/KVER-ipfire/build/include/config/RAID6_PQ_BENCHMARK #lib/modules/KVER-ipfire/build/include/config/RAID_ATTRS +#lib/modules/KVER-ipfire/build/include/config/RANDOMIZE_BASE #lib/modules/KVER-ipfire/build/include/config/RANDOMIZE_KSTACK_OFFSET_DEFAULT #lib/modules/KVER-ipfire/build/include/config/RAS #lib/modules/KVER-ipfire/build/include/config/RASPBERRYPI_FIRMWARE
-- 
2.35.3
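
Review bot: The commit message does not say what failed in the 2020 attempt or on which aarch64 boards this change was boot-tested, yet the CONFIG_RANDOMIZE_BASE line in the kernel.config.aarch64-ipfire hunk (@@ -471,7 +471,7 @@) turns the option on for every board that config serves. Please add the earlier failure mode and the hardware tested this time to the message, so a regression can be matched against it. Because arm64 KASLR takes its seed from the bootloader or UEFI firmware, it would also help to state whether the boot log on the tested boards shows randomization active and not silently disabled for lack of a seed. The hunk changes only this one symbol; if the regenerated config exposes dependent options, set them explicitly in the same patch.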
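
Review bot: In the config/rootfiles/common/aarch64/linux hunk (@@ -9427,6 +9427,7 @@) only the single RANDOMIZE_BASE entry is added, and the message does not say whether the rootfile was regenerated from a full aarch64 build with the new config or edited by hand. If enabling the option brings in further symbols, their build/include/config entries would be missing from this list, so regenerating it from the build output and noting that in the message would be safer.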