diff options
| author | Joachim Fasting <joachifm@fastmail.fm> | 2017-05-06 18:57:11 +0200 |
|---|---|---|
| committer | Joachim Fasting <joachifm@fastmail.fm> | 2017-05-09 01:38:26 +0200 |
| commit | 996b65cfbad921d51a716751329f940b1cc1a649 (patch) | |
| tree | e06aa39d24574e28de10b380b62934e9cee6f978 /pkgs/os-specific/linux | |
| parent | 1816e2b96084f982a0536f40953383d42c082b8d (diff) | |
| download | nixlib-996b65cfbad921d51a716751329f940b1cc1a649.tar nixlib-996b65cfbad921d51a716751329f940b1cc1a649.tar.gz nixlib-996b65cfbad921d51a716751329f940b1cc1a649.tar.bz2 nixlib-996b65cfbad921d51a716751329f940b1cc1a649.tar.lz nixlib-996b65cfbad921d51a716751329f940b1cc1a649.tar.xz nixlib-996b65cfbad921d51a716751329f940b1cc1a649.tar.zst nixlib-996b65cfbad921d51a716751329f940b1cc1a649.zip | |
linux_hardened: enable structleak plugin
A port of the PaX structleak plugin. Note that this version of structleak seems to cover less ground than the PaX original (only marked structs are zeroed). [1] [1]: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c61f13eaa1ee17728c41370100d2d45c254ce76f
Diffstat (limited to 'pkgs/os-specific/linux')
| -rw-r--r-- | pkgs/os-specific/linux/kernel/hardened-config.nix | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/pkgs/os-specific/linux/kernel/hardened-config.nix b/pkgs/os-specific/linux/kernel/hardened-config.nix index bff15b05fd94..2482641c9f02 100644 --- a/pkgs/os-specific/linux/kernel/hardened-config.nix +++ b/pkgs/os-specific/linux/kernel/hardened-config.nix @@ -15,6 +15,10 @@ assert (versionAtLeast version "4.9"); '' GCC_PLUGINS y # Enable gcc plugin options +${optionalString (versionAtLeast version "4.11") '' + GCC_PLUGIN_STRUCTLEAK y # A port of the PaX structleak plugin +''} + DEBUG_WX y # A one-time check for W+X mappings at boot; doesn't do anything beyond printing a warning ${optionalString (versionAtLeast version "4.10") '' |