- 26 Mar, 2020 2 commits
-
-
Alexander Popov authored
-
Alexander Popov authored
-
- 24 Mar, 2020 2 commits
-
-
Alexander Popov authored
-
Alexander Popov authored
-
- 06 Mar, 2020 1 commit
-
-
Alexander Popov authored
-
- 05 Mar, 2020 1 commit
-
-
Alexander Popov authored
-
- 26 Feb, 2020 1 commit
-
-
Loïc authored
-
- 14 Jan, 2020 2 commits
-
-
PAGE_POISONING is a debugging feature. It provides less erasing than INIT_ON_FREE_DEFAULT_ON. Join these checks with OR giving preference to INIT_ON_FREE_DEFAULT_ON. Thanks to @madaidan for the details. Also drop my previous recommendations about CONFIG_PAGE_POISONING_NO_SANITY and CONFIG_PAGE_POISONING_ZERO.
Alexander Popov authored -
Thanks to @madaidan Refers to #29
Alexander Popov authored
-
- 11 Jan, 2020 1 commit
-
-
The vivid driver is for testing. It doesn't require any special hardware. It is shipped in Ubuntu, Debian, Arch Linux, SUSE Linux Enterprise and openSUSE. On Ubuntu the devices created by this driver are available to the normal user, since Ubuntu applies RW ACL when the user is logged in. See the disclosure of CVE-2019-18683 which I've found and fixed in vivid driver: https://www.openwall.com/lists/oss-security/2019/11/02/1
Alexander Popov authored
-
- 10 Jan, 2020 1 commit
-
-
Add CONFIG_SECURITY_SAFESETID (y) and CONFIG_SECURITY_WRITABLE_HOOKS (n). Refers to the pull request #27.
Alexander Popov authored
-
- 02 Dec, 2019 1 commit
-
-
Alexander Popov authored
-
- 29 Nov, 2019 3 commits
-
-
Alexander Popov authored
-
Alexander Popov authored
-
Alexander Popov authored
-
- 23 Aug, 2019 2 commits
-
-
At the Chaos Communication Camp 2019 @jelly told that it would be nice to add the kconfig-hardened-check to Arch Linux. So I add versioning to make it happen. Thanks @jelly, nice to meet you!
Alexander Popov authored -
Alexander Popov authored
-
- 24 Jun, 2019 1 commit
-
-
Alexander Popov authored
-
- 04 Jun, 2019 1 commit
-
-
It exposes MSRs to the userspace, IMO it is not needed for mitigating X86 CPU bugs. Refers to the issue #19 (comment by @Bernhard40)
Alexander Popov authored
-
- 03 Jun, 2019 5 commits
-
-
In fact we have a false positive here because the absence of the disabled CONFIG_LDISC_AUTOLOAD means FAIL (line disciplines are automatically loaded). TODO: Introduce a special check for this type of cases.
Alexander Popov authored -
They have a bigger authority :) Refers to the issue #19 by @HacKurx
Alexander Popov authored -
Refers to the issue #19 by @HacKurx
Alexander Popov authored -
Refers to the issue #19 by @HacKurx
Alexander Popov authored -
Alexander Popov authored
-
- 20 Mar, 2019 1 commit
-
-
Refers to the issue #14 by @jcberthon.
Alexander Popov authored
-
- 12 Mar, 2019 2 commits
-
-
Report them as FAIL. Thanks to @Bernhard40 for this nice idea.
Alexander Popov authored -
Alexander Popov authored
-
- 11 Mar, 2019 1 commit
-
-
Alexander Popov authored
-
- 04 Mar, 2019 1 commit
-
-
Let's check the RESET_ATTACK_MITIGATION option. The description of this security feature: https://lwn.net/Articles/730006/ It needs support from the userspace side: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a5c03c31af2291f13689d11760c0b59fb70c9a5a Improve the comments about the userspace support by the way.
Alexander Popov authored
-
- 24 Jan, 2019 1 commit
-
-
Alexander Popov authored
-
- 23 Jan, 2019 1 commit
-
-
Alexander Popov authored
-
- 22 Jan, 2019 1 commit
-
-
And improve the style by the way.
Alexander Popov authored
-
- 21 Jan, 2019 1 commit
-
-
Alexander Popov authored
-
- 14 Jan, 2019 1 commit
-
-
Alexander Popov authored
-
- 12 Dec, 2018 1 commit
-
-
Alexander Popov authored
-
- 07 Dec, 2018 1 commit
-
-
Alexander Popov authored
-
- 05 Dec, 2018 1 commit
-
-
Alexander Popov authored
-
- 30 Jul, 2018 2 commits
-
-
Alexander Popov authored
-
Alexander Popov authored
-
- 25 Jul, 2018 1 commit
-
-
Alexander Popov authored
-