Bug#1016056: src:linux: Please enable CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT=y

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#1016056: src:linux: Please enable CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT=y
From: intrigeri <intrigeri@boum.org>
Date: Tue, 26 Jul 2022 10:27:24 +0200
Message-id: <[🔎] 87sfmo5leb.fsf@manticora.home>
Reply-to: intrigeri <intrigeri@boum.org>, 1016056@bugs.debian.org

Source: linux
Version: 5.18.14-1
Severity: wishlist
User: tails-dev@boum.org
Usertags: hardening

Hi!

Please consider setting CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT=y
(5.13 or newer).

This enables a security feature with low performance overhead.

Original pull request:
https://lkml.iu.edu/hypermail/linux/kernel/2104.3/01302.html

Ubuntu 22.04 LTS has this setting enabled by default.

KSPP recommends enabling it:
https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project/Recommended_Settings

Thanks for your attention,
cheers!
-- 
intrigeri

Reply to:

Follow-Ups:
- Bug#1016056: src:linux: Please enable CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT=y
  - From: Diederik de Haas <didi.debian@cknow.org>

Prev by Date: linux-signed-i386_5.18.14+1_source.changes ACCEPTED into unstable, unstable
Next by Date: Num One ranking on Google!
Previous by thread: linux-signed-i386_5.18.14+1_source.changes ACCEPTED into unstable, unstable
Next by thread: Bug#1016056: src:linux: Please enable CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT=y
Index(es):
- Date
- Thread