diff options
| author |   Jan-Simon Möller <dl9pf@gmx.de> | 2018-05-03 19:20:42 +0200 |
|---|---|---|
| committer |   GitHub <noreply@github.com> | 2018-05-03 19:20:42 +0200 |
| commit | 051e778ee5b58cb1f6fb5819be1c6816683d4d82 (patch) | |
| tree | 3d9158f0179b072f75003443b72200496aa6c51b /security-blueprint/annexes/ConfigNotes.md | |
| parent | de27b37c85d58811f2762caa0c179bfa74acc59e (diff) | |
| parent | 4aac2f4590d9ae7ffa707a662c41b7e460a0ea3a (diff) | |
Merge pull request #113 from mudcam/sandbox/nieutin
Integration of Eli Mordechai's comments.
Diffstat (limited to 'security-blueprint/annexes/ConfigNotes.md')
| -rw-r--r-- | security-blueprint/annexes/ConfigNotes.md | 15 |
1 files changed, 8 insertions, 7 deletions
diff --git a/security-blueprint/annexes/ConfigNotes.md b/security-blueprint/annexes/ConfigNotes.md index 6de1ca6..23b202a 100644 --- a/security-blueprint/annexes/ConfigNotes.md +++ b/security-blueprint/annexes/ConfigNotes.md @@ -139,6 +139,10 @@ Domain | `Config` name | `Value` ------------------------------ | ------------------------- | ------- Kernel-General-ModuleSigning-1 | `CONFIG_MODULE_SIG_FORCE` | `y` +Domain | `Variable` name | `Value` +------------------------------ | ------------------------- | ------- +Kernel-General-ModuleSigning-2 | `kernel.modules_disabled` | `1` + Domain | Object | _State_ ------------------------ | ------------------- | ---------- Kernel-General-Drivers-1 | `USB` | _Disabled_ @@ -154,10 +158,6 @@ Domain | `compiler` and `linker` options | _State_ Kernel-General-OverwriteAttacks-1 | `-z,relro` | _Enable_ Kernel-General-OverwriteAttacks-2 | `-z,now` | _Enable_ -Domain | `compiler` and `linker` options | _State_ -------------------------------- | ------------------------------- | -------- -Kernel-General-LibraryLinking-1 | `-static` | _Enable_ - Domain | `Config` name | `Value` ------------------------------ | ---------------- | ------- Kernel-Memory-RestrictAccess-1 | `CONFIG_DEVKMEM` | `n` @@ -192,9 +192,10 @@ Domain | `compiler` and `linker` options | _State_ ----------------------------- | ------------------------------- | -------- Kernel-Memory-StackSmashing-1 | `-fstack-protector-all` | _Enable_ -Domain | `compiler` and `linker` options | `Value` -------------------------------- | ------------------------------- | ------- -Kernel-Memory-BufferOverflows-1 | `-D_FORTIFY_SOURCE` | `2` +Domain | `compiler` options and `config` name | `Value` +------------------------------- | ------------------------------------ | ------- +Kernel-Memory-BufferOverflows-1 | `-D_FORTIFY_SOURCE` | `2` +Kernel-Memory-BufferOverflows-2 | `CONFIG_FORTIFY_SOURCE` | `y` Domain | `Config` name | `Value` ------------------------ | ---------------------------- | ------- |