fortify: Move FORTIFY_SOURCE under 'Kernel hardening options'
authorMel Gorman <mgorman@techsingularity.net>
Thu, 23 Jan 2025 22:11:15 +0000 (22:11 +0000)
committerKees Cook <kees@kernel.org>
Fri, 28 Feb 2025 19:51:31 +0000 (11:51 -0800)
FORTIFY_SOURCE is a hardening option both at build and runtime. Move
it under 'Kernel hardening options'.

Signed-off-by: Mel Gorman <mgorman@techsingularity.net>
Acked-by: Paul Moore <paul@paul-moore.com>
Link: https://lore.kernel.org/r/20250123221115.19722-5-mgorman@techsingularity.net
Signed-off-by: Kees Cook <kees@kernel.org>
security/Kconfig
security/Kconfig.hardening

index 38ad111e07d0db47e08b929d21b22c9c763af838..536061cf33a9f141af79f905f0f88f311a47236d 100644 (file)
@@ -164,15 +164,6 @@ config LSM_MMAP_MIN_ADDR
          this low address space will need the permission specific to the
          systems running LSM.
 
-config FORTIFY_SOURCE
-       bool "Harden common str/mem functions against buffer overflows"
-       depends on ARCH_HAS_FORTIFY_SOURCE
-       # https://github.com/llvm/llvm-project/issues/53645
-       depends on !CC_IS_CLANG || !X86_32
-       help
-         Detect overflows of buffers in common string and memory functions
-         where the compiler can determine and validate the buffer sizes.
-
 config STATIC_USERMODEHELPER
        bool "Force all usermode helper calls through a single binary"
        help
index 45748379f89635506be026d6a27e5ce991a0450c..23ffb0d7c84551acd060a991436c4de5ddc76256 100644 (file)
@@ -282,6 +282,15 @@ endmenu
 
 menu "Bounds checking"
 
+config FORTIFY_SOURCE
+       bool "Harden common str/mem functions against buffer overflows"
+       depends on ARCH_HAS_FORTIFY_SOURCE
+       # https://github.com/llvm/llvm-project/issues/53645
+       depends on !CC_IS_CLANG || !X86_32
+       help
+         Detect overflows of buffers in common string and memory functions
+         where the compiler can determine and validate the buffer sizes.
+
 config HARDENED_USERCOPY
        bool "Harden memory copies between kernel and userspace"
        imply STRICT_DEVMEM
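Review bot: The bare URL above `depends on !CC_IS_CLANG || !X86_32` in the added FORTIFY_SOURCE entry gives no reason for the exclusion, so anyone auditing why fortification is unavailable with Clang on 32-bit x86 has to leave the tree to find out. A short lead-in such as `# Not supported with Clang on 32-bit x86, see:` above the link would cover it. The help text also mentions only detecting overflows, while the commit message describes the option as acting at both build time and run time. Adding a sentence like `Overflows are reported at build time where possible and caught at run time otherwise.` would show that in menuconfig, though the wording should be confirmed against the fortify implementation, which is not visible here. Since the entry is a verbatim move from security/Kconfig, both suggestions could equally go in a follow-up patch.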