Bug#849450: Please consider enabling CONFIG_PAGE_POISONING

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#849450: Please consider enabling CONFIG_PAGE_POISONING
From: intrigeri@debian.org
Date: Tue, 27 Dec 2016 10:32:52 +0100
Message-id: <[🔎] 85eg0togxn.fsf@boum.org>
Reply-to: intrigeri@debian.org, 849450@bugs.debian.org

Source: linux
Version: 4.8.15-1
Severity: wishlist
User: tails-dev@boum.org
Usertags: kernel-self-protection

Hi,

in Tails we would like to try enabling page_poison=1 on the kernel
command-line, as recommended by the KSPP:

  http://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project

This requires CONFIG_PAGE_POISONING=y.

If I got it right, this doesn't affect systems unless this feature is
also enabled on the kernel command-line. Any reason not to enable
CONFIG_PAGE_POISONING in the Debian kernel?

https://outflux.net/blog/archives/2016/09/30/security-things-in-linux-v4-6/
also seems to have useful information about this.

Cheers,
-- 
intrigeri

Reply to:

Prev by Date: Bug#849381: linux-image-4.8.0-2-amd64: Broadcom BCM43602 wireless card no longer works after wakeup from hibernation
Next by Date: Bug#847947: firmware-libertas: Wifi connection drastically drops after a few seconds on some hotspots
Previous by thread: Bug#849381: linux-image-4.8.0-2-amd64: Broadcom BCM43602 wireless card no longer works after wakeup from hibernation
Next by thread: Bug#849474: repeated console pasting with TIOCLINUX+TIOCL_PASTESEL hung process
Index(es):
- Date
- Thread