[DistroKit] [PATCH] platform-rpi: enable FORTIFY

DistroKit Mailinglist
 help / color / mirror / Atom feed

* [DistroKit] [PATCH] platform-rpi: enable FORTIFY_SOURCES
@ 2019-03-11  7:24 Rouven Czerwinski
  2019-03-11  9:15 ` Robert Schwebel
  2019-03-11  9:27 ` [DistroKit] [PATCH 2/1] v7a: kernel: " Roland Hieber
  0 siblings, 2 replies; 6+ messages in thread
From: Rouven Czerwinski @ 2019-03-11  7:24 UTC (permalink / raw)
  To: distrokit; +Cc: Rouven Czerwinski

This platform supports it, enable it.

Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
---
 configs/platform-rpi/kernelconfig | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/configs/platform-rpi/kernelconfig b/configs/platform-rpi/kernelconfig
index 42e2d05..276d079 100644
--- a/configs/platform-rpi/kernelconfig
+++ b/configs/platform-rpi/kernelconfig
@@ -2851,7 +2851,7 @@ CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y
 CONFIG_HARDENED_USERCOPY=y
 CONFIG_HARDENED_USERCOPY_FALLBACK=y
 # CONFIG_HARDENED_USERCOPY_PAGESPAN is not set
-# CONFIG_FORTIFY_SOURCE is not set
+CONFIG_FORTIFY_SOURCE=y
 # CONFIG_STATIC_USERMODEHELPER is not set
 CONFIG_DEFAULT_SECURITY_DAC=y
 CONFIG_DEFAULT_SECURITY=""
@@ -3232,7 +3232,6 @@ CONFIG_TRACER_SNAPSHOT=y
 # CONFIG_TRACER_SNAPSHOT_PER_CPU_SWAP is not set
 CONFIG_BRANCH_PROFILE_NONE=y
 # CONFIG_PROFILE_ANNOTATED_BRANCHES is not set
-# CONFIG_PROFILE_ALL_BRANCHES is not set
 CONFIG_STACK_TRACER=y
 # CONFIG_BLK_DEV_IO_TRACE is not set
 CONFIG_UPROBE_EVENTS=y
-- 
2.20.1


_______________________________________________
DistroKit mailing list
DistroKit@pengutronix.de

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [DistroKit] [PATCH] platform-rpi: enable FORTIFY_SOURCES
  2019-03-11  7:24 [DistroKit] [PATCH] platform-rpi: enable FORTIFY_SOURCES Rouven Czerwinski
@ 2019-03-11  9:15 ` Robert Schwebel
  2019-03-11  9:27 ` [DistroKit] [PATCH 2/1] v7a: kernel: " Roland Hieber
  1 sibling, 0 replies; 6+ messages in thread
From: Robert Schwebel @ 2019-03-11  9:15 UTC (permalink / raw)
  To: Rouven Czerwinski; +Cc: distrokit

On Mon, Mar 11, 2019 at 08:24:26AM +0100, Rouven Czerwinski wrote:
> This platform supports it, enable it.
> 
> Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
> ---
>  configs/platform-rpi/kernelconfig | 3 +--
>  1 file changed, 1 insertion(+), 2 deletions(-)

Applied to next.

rsc
-- 
Pengutronix e.K.                           | Dipl.-Ing. Robert Schwebel  |
Industrial Linux Solutions                 | https://www.pengutronix.de/ |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |

_______________________________________________
DistroKit mailing list
DistroKit@pengutronix.de

^ permalink raw reply	[flat|nested] 6+ messages in thread

* [DistroKit] [PATCH 2/1] v7a: kernel: enable FORTIFY_SOURCES
  2019-03-11  7:24 [DistroKit] [PATCH] platform-rpi: enable FORTIFY_SOURCES Rouven Czerwinski
  2019-03-11  9:15 ` Robert Schwebel
@ 2019-03-11  9:27 ` Roland Hieber
  2019-03-11  9:27   ` [DistroKit] [PATCH 3/1] v8a: " Roland Hieber
  2019-03-11  9:31   ` [DistroKit] [PATCH 2/1] v7a: " Robert Schwebel
  1 sibling, 2 replies; 6+ messages in thread
From: Roland Hieber @ 2019-03-11  9:27 UTC (permalink / raw)
  To: distrokit; +Cc: Roland Hieber

Harden common str/mem functions against buffer overflows.

Signed-off-by: Roland Hieber <rhi@pengutronix.de>
---
 The other two platforms support it too :-)
---
 configs/platform-v7a/kernelconfig | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/configs/platform-v7a/kernelconfig b/configs/platform-v7a/kernelconfig
index 8cca339..6859bfb 100644
--- a/configs/platform-v7a/kernelconfig
+++ b/configs/platform-v7a/kernelconfig
@@ -2978,7 +2978,7 @@ CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y
 CONFIG_HARDENED_USERCOPY=y
 CONFIG_HARDENED_USERCOPY_FALLBACK=y
 # CONFIG_HARDENED_USERCOPY_PAGESPAN is not set
-# CONFIG_FORTIFY_SOURCE is not set
+CONFIG_FORTIFY_SOURCE=y
 # CONFIG_STATIC_USERMODEHELPER is not set
 CONFIG_DEFAULT_SECURITY_DAC=y
 CONFIG_DEFAULT_SECURITY=""
@@ -3355,7 +3355,6 @@ CONFIG_FUNCTION_GRAPH_TRACER=y
 # CONFIG_TRACER_SNAPSHOT is not set
 CONFIG_BRANCH_PROFILE_NONE=y
 # CONFIG_PROFILE_ANNOTATED_BRANCHES is not set
-# CONFIG_PROFILE_ALL_BRANCHES is not set
 # CONFIG_STACK_TRACER is not set
 # CONFIG_BLK_DEV_IO_TRACE is not set
 # CONFIG_UPROBE_EVENTS is not set
-- 
2.20.1


_______________________________________________
DistroKit mailing list
DistroKit@pengutronix.de

^ permalink raw reply	[flat|nested] 6+ messages in thread

* [DistroKit] [PATCH 3/1] v8a: kernel: enable FORTIFY_SOURCES
  2019-03-11  9:27 ` [DistroKit] [PATCH 2/1] v7a: kernel: " Roland Hieber
@ 2019-03-11  9:27   ` Roland Hieber
  2019-03-11  9:31   ` [DistroKit] [PATCH 2/1] v7a: " Robert Schwebel
  1 sibling, 0 replies; 6+ messages in thread
From: Roland Hieber @ 2019-03-11  9:27 UTC (permalink / raw)
  To: distrokit; +Cc: Roland Hieber

Harden common str/mem functions against buffer overflows.

Signed-off-by: Roland Hieber <rhi@pengutronix.de>
---
 configs/platform-v8a/kernelconfig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/configs/platform-v8a/kernelconfig b/configs/platform-v8a/kernelconfig
index b71b7a7..9ac32ad 100644
--- a/configs/platform-v8a/kernelconfig
+++ b/configs/platform-v8a/kernelconfig
@@ -3292,7 +3292,7 @@ CONFIG_SECURITY=y
 CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y
 CONFIG_HARDENED_USERCOPY=y
 # CONFIG_HARDENED_USERCOPY_PAGESPAN is not set
-# CONFIG_FORTIFY_SOURCE is not set
+CONFIG_FORTIFY_SOURCE=y
 # CONFIG_STATIC_USERMODEHELPER is not set
 # CONFIG_SECURITY_SMACK is not set
 # CONFIG_SECURITY_TOMOYO is not set
-- 
2.20.1


_______________________________________________
DistroKit mailing list
DistroKit@pengutronix.de

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [DistroKit] [PATCH 2/1] v7a: kernel: enable FORTIFY_SOURCES
  2019-03-11  9:27 ` [DistroKit] [PATCH 2/1] v7a: kernel: " Roland Hieber
  2019-03-11  9:27   ` [DistroKit] [PATCH 3/1] v8a: " Roland Hieber
@ 2019-03-11  9:31   ` Robert Schwebel
  2019-03-11  9:40     ` Roland Hieber
  1 sibling, 1 reply; 6+ messages in thread
From: Robert Schwebel @ 2019-03-11  9:31 UTC (permalink / raw)
  To: Roland Hieber; +Cc: distrokit

On Mon, Mar 11, 2019 at 10:27:13AM +0100, Roland Hieber wrote:
> Harden common str/mem functions against buffer overflows.
> 
> Signed-off-by: Roland Hieber <rhi@pengutronix.de>
> ---
>  The other two platforms support it too :-)
> ---
>  configs/platform-v7a/kernelconfig | 3 +--
>  1 file changed, 1 insertion(+), 2 deletions(-)
> 
> diff --git a/configs/platform-v7a/kernelconfig b/configs/platform-v7a/kernelconfig
> index 8cca339..6859bfb 100644
> --- a/configs/platform-v7a/kernelconfig
> +++ b/configs/platform-v7a/kernelconfig
> @@ -2978,7 +2978,7 @@ CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y
>  CONFIG_HARDENED_USERCOPY=y
>  CONFIG_HARDENED_USERCOPY_FALLBACK=y
>  # CONFIG_HARDENED_USERCOPY_PAGESPAN is not set
> -# CONFIG_FORTIFY_SOURCE is not set
> +CONFIG_FORTIFY_SOURCE=y
>  # CONFIG_STATIC_USERMODEHELPER is not set
>  CONFIG_DEFAULT_SECURITY_DAC=y
>  CONFIG_DEFAULT_SECURITY=""
> @@ -3355,7 +3355,6 @@ CONFIG_FUNCTION_GRAPH_TRACER=y
>  # CONFIG_TRACER_SNAPSHOT is not set
>  CONFIG_BRANCH_PROFILE_NONE=y
>  # CONFIG_PROFILE_ANNOTATED_BRANCHES is not set
> -# CONFIG_PROFILE_ALL_BRANCHES is not set
>  # CONFIG_STACK_TRACER is not set
>  # CONFIG_BLK_DEV_IO_TRACE is not set
>  # CONFIG_UPROBE_EVENTS is not set
> -- 
> 2.20.1

Both patches have already been applied this morning...
You might want to have a look at next.

rsc
-- 
Pengutronix e.K.                           | Dipl.-Ing. Robert Schwebel  |
Industrial Linux Solutions                 | https://www.pengutronix.de/ |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |

_______________________________________________
DistroKit mailing list
DistroKit@pengutronix.de

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [DistroKit] [PATCH 2/1] v7a: kernel: enable FORTIFY_SOURCES
  2019-03-11  9:31   ` [DistroKit] [PATCH 2/1] v7a: " Robert Schwebel
@ 2019-03-11  9:40     ` Roland Hieber
  0 siblings, 0 replies; 6+ messages in thread
From: Roland Hieber @ 2019-03-11  9:40 UTC (permalink / raw)
  To: Robert Schwebel; +Cc: distrokit

On Mon, Mar 11, 2019 at 10:31:30AM +0100, Robert Schwebel wrote:
> Both patches have already been applied this morning...
> You might want to have a look at next.

Oh, indeed. Sorry for the noise.

 - Roland

-- 
Roland Hieber                     | r.hieber@pengutronix.de     |
Pengutronix e.K.                  | https://www.pengutronix.de/ |
Peiner Str. 6-8, 31137 Hildesheim | Phone: +49-5121-206917-5086 |
Amtsgericht Hildesheim, HRA 2686  | Fax:   +49-5121-206917-5555 |

_______________________________________________
DistroKit mailing list
DistroKit@pengutronix.de

^ permalink raw reply	[flat|nested] 6+ messages in thread

end of thread, other threads:[~2019-03-11  9:40 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-03-11  7:24 [DistroKit] [PATCH] platform-rpi: enable FORTIFY_SOURCES Rouven Czerwinski
2019-03-11  9:15 ` Robert Schwebel
2019-03-11  9:27 ` [DistroKit] [PATCH 2/1] v7a: kernel: " Roland Hieber
2019-03-11  9:27   ` [DistroKit] [PATCH 3/1] v8a: " Roland Hieber
2019-03-11  9:31   ` [DistroKit] [PATCH 2/1] v7a: " Robert Schwebel
2019-03-11  9:40     ` Roland Hieber

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox