| Kconfig (e24dd9ee5399747b71c1d982a484fc7601795f31) | Kconfig (6974f0c4555e285ab217cee58b6e874f776ff409) |
|---|---|
| 1# 2# Security configuration 3# 4 5menu "Security options" 6 7source security/keys/Kconfig 8 --- 149 unchanged lines hidden (view full) --- 158 depends on EXPERT 159 help 160 When a multi-page allocation is done without __GFP_COMP, 161 hardened usercopy will reject attempts to copy it. There are, 162 however, several cases of this in the kernel that have not all 163 been removed. This config is intended to be used only while 164 trying to find such users. 165 | 1# 2# Security configuration 3# 4 5menu "Security options" 6 7source security/keys/Kconfig 8 --- 149 unchanged lines hidden (view full) --- 158 depends on EXPERT 159 help 160 When a multi-page allocation is done without __GFP_COMP, 161 hardened usercopy will reject attempts to copy it. There are, 162 however, several cases of this in the kernel that have not all 163 been removed. This config is intended to be used only while 164 trying to find such users. 165 |
| 166config FORTIFY_SOURCE 167 bool "Harden common str/mem functions against buffer overflows" 168 depends on ARCH_HAS_FORTIFY_SOURCE 169 help 170 Detect overflows of buffers in common string and memory functions 171 where the compiler can determine and validate the buffer sizes. 172 |
|
| 166config STATIC_USERMODEHELPER 167 bool "Force all usermode helper calls through a single binary" 168 help 169 By default, the kernel can call many different userspace 170 binary programs through the "usermode helper" kernel 171 interface. Some of these binaries are statically defined 172 either in the kernel code itself, or as a kernel configuration 173 option. However, some of these are dynamically created at --- 75 unchanged lines hidden --- | 173config STATIC_USERMODEHELPER 174 bool "Force all usermode helper calls through a single binary" 175 help 176 By default, the kernel can call many different userspace 177 binary programs through the "usermode helper" kernel 178 interface. Some of these binaries are statically defined 179 either in the kernel code itself, or as a kernel configuration 180 option. However, some of these are dynamically created at --- 75 unchanged lines hidden --- |