[linux-yocto] [PATCH 1/3] security.cfg: unset HARDENED_USERCOPY_FALLBACK
Anuj Mittal
anuj.mittal at intel.com
Tue Jul 16 00:00:45 PDT 2019
Disable fallback to gain full whitelist enforcement.
Signed-off-by: Anuj Mittal <anuj.mittal at intel.com>
---
features/security/security.cfg | 1 +
1 file changed, 1 insertion(+)
diff --git a/features/security/security.cfg b/features/security/security.cfg
index 0a4e246a..4ecbec2f 100644
--- a/features/security/security.cfg
+++ b/features/security/security.cfg
@@ -1,5 +1,6 @@
# Protect against ioctl buffer overflows
CONFIG_HARDENED_USERCOPY=y
+# CONFIG_HARDENED_USERCOPY_FALLBACK is not set
# Check for memory copies that might overflow a structure in str*() and mem*()
# functions both at build-time and run-time
--
2.20.1
More information about the linux-yocto
mailing list