* [DistroKit] [PATCH] platform-rpi: enable FORTIFY_SOURCES
@ 2019-03-11 7:24 Rouven Czerwinski
2019-03-11 9:15 ` Robert Schwebel
2019-03-11 9:27 ` [DistroKit] [PATCH 2/1] v7a: kernel: " Roland Hieber
0 siblings, 2 replies; 6+ messages in thread
From: Rouven Czerwinski @ 2019-03-11 7:24 UTC (permalink / raw)
To: distrokit; +Cc: Rouven Czerwinski
This platform supports it, enable it.
Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
---
configs/platform-rpi/kernelconfig | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/configs/platform-rpi/kernelconfig b/configs/platform-rpi/kernelconfig
index 42e2d05..276d079 100644
--- a/configs/platform-rpi/kernelconfig
+++ b/configs/platform-rpi/kernelconfig
@@ -2851,7 +2851,7 @@ CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y
CONFIG_HARDENED_USERCOPY=y
CONFIG_HARDENED_USERCOPY_FALLBACK=y
# CONFIG_HARDENED_USERCOPY_PAGESPAN is not set
-# CONFIG_FORTIFY_SOURCE is not set
+CONFIG_FORTIFY_SOURCE=y
# CONFIG_STATIC_USERMODEHELPER is not set
CONFIG_DEFAULT_SECURITY_DAC=y
CONFIG_DEFAULT_SECURITY=""
@@ -3232,7 +3232,6 @@ CONFIG_TRACER_SNAPSHOT=y
# CONFIG_TRACER_SNAPSHOT_PER_CPU_SWAP is not set
CONFIG_BRANCH_PROFILE_NONE=y
# CONFIG_PROFILE_ANNOTATED_BRANCHES is not set
-# CONFIG_PROFILE_ALL_BRANCHES is not set
CONFIG_STACK_TRACER=y
# CONFIG_BLK_DEV_IO_TRACE is not set
CONFIG_UPROBE_EVENTS=y
--
2.20.1
_______________________________________________
DistroKit mailing list
DistroKit@pengutronix.de
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [DistroKit] [PATCH] platform-rpi: enable FORTIFY_SOURCES
2019-03-11 7:24 [DistroKit] [PATCH] platform-rpi: enable FORTIFY_SOURCES Rouven Czerwinski
@ 2019-03-11 9:15 ` Robert Schwebel
2019-03-11 9:27 ` [DistroKit] [PATCH 2/1] v7a: kernel: " Roland Hieber
1 sibling, 0 replies; 6+ messages in thread
From: Robert Schwebel @ 2019-03-11 9:15 UTC (permalink / raw)
To: Rouven Czerwinski; +Cc: distrokit
On Mon, Mar 11, 2019 at 08:24:26AM +0100, Rouven Czerwinski wrote:
> This platform supports it, enable it.
>
> Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
> ---
> configs/platform-rpi/kernelconfig | 3 +--
> 1 file changed, 1 insertion(+), 2 deletions(-)
Applied to next.
rsc
--
Pengutronix e.K. | Dipl.-Ing. Robert Schwebel |
Industrial Linux Solutions | https://www.pengutronix.de/ |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
_______________________________________________
DistroKit mailing list
DistroKit@pengutronix.de
^ permalink raw reply [flat|nested] 6+ messages in thread
* [DistroKit] [PATCH 2/1] v7a: kernel: enable FORTIFY_SOURCES
2019-03-11 7:24 [DistroKit] [PATCH] platform-rpi: enable FORTIFY_SOURCES Rouven Czerwinski
2019-03-11 9:15 ` Robert Schwebel
@ 2019-03-11 9:27 ` Roland Hieber
2019-03-11 9:27 ` [DistroKit] [PATCH 3/1] v8a: " Roland Hieber
2019-03-11 9:31 ` [DistroKit] [PATCH 2/1] v7a: " Robert Schwebel
1 sibling, 2 replies; 6+ messages in thread
From: Roland Hieber @ 2019-03-11 9:27 UTC (permalink / raw)
To: distrokit; +Cc: Roland Hieber
Harden common str/mem functions against buffer overflows.
Signed-off-by: Roland Hieber <rhi@pengutronix.de>
---
The other two platforms support it too :-)
---
configs/platform-v7a/kernelconfig | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/configs/platform-v7a/kernelconfig b/configs/platform-v7a/kernelconfig
index 8cca339..6859bfb 100644
--- a/configs/platform-v7a/kernelconfig
+++ b/configs/platform-v7a/kernelconfig
@@ -2978,7 +2978,7 @@ CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y
CONFIG_HARDENED_USERCOPY=y
CONFIG_HARDENED_USERCOPY_FALLBACK=y
# CONFIG_HARDENED_USERCOPY_PAGESPAN is not set
-# CONFIG_FORTIFY_SOURCE is not set
+CONFIG_FORTIFY_SOURCE=y
# CONFIG_STATIC_USERMODEHELPER is not set
CONFIG_DEFAULT_SECURITY_DAC=y
CONFIG_DEFAULT_SECURITY=""
@@ -3355,7 +3355,6 @@ CONFIG_FUNCTION_GRAPH_TRACER=y
# CONFIG_TRACER_SNAPSHOT is not set
CONFIG_BRANCH_PROFILE_NONE=y
# CONFIG_PROFILE_ANNOTATED_BRANCHES is not set
-# CONFIG_PROFILE_ALL_BRANCHES is not set
# CONFIG_STACK_TRACER is not set
# CONFIG_BLK_DEV_IO_TRACE is not set
# CONFIG_UPROBE_EVENTS is not set
--
2.20.1
_______________________________________________
DistroKit mailing list
DistroKit@pengutronix.de
^ permalink raw reply [flat|nested] 6+ messages in thread
* [DistroKit] [PATCH 3/1] v8a: kernel: enable FORTIFY_SOURCES
2019-03-11 9:27 ` [DistroKit] [PATCH 2/1] v7a: kernel: " Roland Hieber
@ 2019-03-11 9:27 ` Roland Hieber
2019-03-11 9:31 ` [DistroKit] [PATCH 2/1] v7a: " Robert Schwebel
1 sibling, 0 replies; 6+ messages in thread
From: Roland Hieber @ 2019-03-11 9:27 UTC (permalink / raw)
To: distrokit; +Cc: Roland Hieber
Harden common str/mem functions against buffer overflows.
Signed-off-by: Roland Hieber <rhi@pengutronix.de>
---
configs/platform-v8a/kernelconfig | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/configs/platform-v8a/kernelconfig b/configs/platform-v8a/kernelconfig
index b71b7a7..9ac32ad 100644
--- a/configs/platform-v8a/kernelconfig
+++ b/configs/platform-v8a/kernelconfig
@@ -3292,7 +3292,7 @@ CONFIG_SECURITY=y
CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y
CONFIG_HARDENED_USERCOPY=y
# CONFIG_HARDENED_USERCOPY_PAGESPAN is not set
-# CONFIG_FORTIFY_SOURCE is not set
+CONFIG_FORTIFY_SOURCE=y
# CONFIG_STATIC_USERMODEHELPER is not set
# CONFIG_SECURITY_SMACK is not set
# CONFIG_SECURITY_TOMOYO is not set
--
2.20.1
_______________________________________________
DistroKit mailing list
DistroKit@pengutronix.de
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [DistroKit] [PATCH 2/1] v7a: kernel: enable FORTIFY_SOURCES
2019-03-11 9:27 ` [DistroKit] [PATCH 2/1] v7a: kernel: " Roland Hieber
2019-03-11 9:27 ` [DistroKit] [PATCH 3/1] v8a: " Roland Hieber
@ 2019-03-11 9:31 ` Robert Schwebel
2019-03-11 9:40 ` Roland Hieber
1 sibling, 1 reply; 6+ messages in thread
From: Robert Schwebel @ 2019-03-11 9:31 UTC (permalink / raw)
To: Roland Hieber; +Cc: distrokit
On Mon, Mar 11, 2019 at 10:27:13AM +0100, Roland Hieber wrote:
> Harden common str/mem functions against buffer overflows.
>
> Signed-off-by: Roland Hieber <rhi@pengutronix.de>
> ---
> The other two platforms support it too :-)
> ---
> configs/platform-v7a/kernelconfig | 3 +--
> 1 file changed, 1 insertion(+), 2 deletions(-)
>
> diff --git a/configs/platform-v7a/kernelconfig b/configs/platform-v7a/kernelconfig
> index 8cca339..6859bfb 100644
> --- a/configs/platform-v7a/kernelconfig
> +++ b/configs/platform-v7a/kernelconfig
> @@ -2978,7 +2978,7 @@ CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y
> CONFIG_HARDENED_USERCOPY=y
> CONFIG_HARDENED_USERCOPY_FALLBACK=y
> # CONFIG_HARDENED_USERCOPY_PAGESPAN is not set
> -# CONFIG_FORTIFY_SOURCE is not set
> +CONFIG_FORTIFY_SOURCE=y
> # CONFIG_STATIC_USERMODEHELPER is not set
> CONFIG_DEFAULT_SECURITY_DAC=y
> CONFIG_DEFAULT_SECURITY=""
> @@ -3355,7 +3355,6 @@ CONFIG_FUNCTION_GRAPH_TRACER=y
> # CONFIG_TRACER_SNAPSHOT is not set
> CONFIG_BRANCH_PROFILE_NONE=y
> # CONFIG_PROFILE_ANNOTATED_BRANCHES is not set
> -# CONFIG_PROFILE_ALL_BRANCHES is not set
> # CONFIG_STACK_TRACER is not set
> # CONFIG_BLK_DEV_IO_TRACE is not set
> # CONFIG_UPROBE_EVENTS is not set
> --
> 2.20.1
Both patches have already been applied this morning...
You might want to have a look at next.
rsc
--
Pengutronix e.K. | Dipl.-Ing. Robert Schwebel |
Industrial Linux Solutions | https://www.pengutronix.de/ |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
_______________________________________________
DistroKit mailing list
DistroKit@pengutronix.de
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [DistroKit] [PATCH 2/1] v7a: kernel: enable FORTIFY_SOURCES
2019-03-11 9:31 ` [DistroKit] [PATCH 2/1] v7a: " Robert Schwebel
@ 2019-03-11 9:40 ` Roland Hieber
0 siblings, 0 replies; 6+ messages in thread
From: Roland Hieber @ 2019-03-11 9:40 UTC (permalink / raw)
To: Robert Schwebel; +Cc: distrokit
On Mon, Mar 11, 2019 at 10:31:30AM +0100, Robert Schwebel wrote:
> Both patches have already been applied this morning...
> You might want to have a look at next.
Oh, indeed. Sorry for the noise.
- Roland
--
Roland Hieber | r.hieber@pengutronix.de |
Pengutronix e.K. | https://www.pengutronix.de/ |
Peiner Str. 6-8, 31137 Hildesheim | Phone: +49-5121-206917-5086 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
_______________________________________________
DistroKit mailing list
DistroKit@pengutronix.de
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2019-03-11 9:40 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-03-11 7:24 [DistroKit] [PATCH] platform-rpi: enable FORTIFY_SOURCES Rouven Czerwinski
2019-03-11 9:15 ` Robert Schwebel
2019-03-11 9:27 ` [DistroKit] [PATCH 2/1] v7a: kernel: " Roland Hieber
2019-03-11 9:27 ` [DistroKit] [PATCH 3/1] v8a: " Roland Hieber
2019-03-11 9:31 ` [DistroKit] [PATCH 2/1] v7a: " Robert Schwebel
2019-03-11 9:40 ` Roland Hieber
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox