kernel: Activate CONFIG_SLAB_FREELIST_RANDOM

This activates CONFIG_SLAB_FREELIST_RANDOM.
This option make the free list less predictable. This makes it harder to
exploit heap based security vulnerabilities.

This adds a little bit more code to the kernel and a small additional
compute overhead.

This option is activated in Debian by default.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This commit is contained in:
Hauke Mehrtens 2023-04-22 18:45:43 +02:00 committed by Christian Marangi
parent 626f5f77f7
commit 467aa08f8a
No known key found for this signature in database
GPG Key ID: AC001D09ADBFEAD7
2 changed files with 2 additions and 2 deletions

View File

@ -5464,7 +5464,7 @@ CONFIG_SIGNALFD=y
# CONFIG_SLAB is not set # CONFIG_SLAB is not set
CONFIG_SLABINFO=y CONFIG_SLABINFO=y
CONFIG_SLAB_FREELIST_HARDENED=y CONFIG_SLAB_FREELIST_HARDENED=y
# CONFIG_SLAB_FREELIST_RANDOM is not set CONFIG_SLAB_FREELIST_RANDOM=y
CONFIG_SLAB_MERGE_DEFAULT=y CONFIG_SLAB_MERGE_DEFAULT=y
# CONFIG_SLHC is not set # CONFIG_SLHC is not set
# CONFIG_SLICOSS is not set # CONFIG_SLICOSS is not set

View File

@ -5754,7 +5754,7 @@ CONFIG_SIGNALFD=y
# CONFIG_SLAB is not set # CONFIG_SLAB is not set
CONFIG_SLABINFO=y CONFIG_SLABINFO=y
CONFIG_SLAB_FREELIST_HARDENED=y CONFIG_SLAB_FREELIST_HARDENED=y
# CONFIG_SLAB_FREELIST_RANDOM is not set CONFIG_SLAB_FREELIST_RANDOM=y
CONFIG_SLAB_MERGE_DEFAULT=y CONFIG_SLAB_MERGE_DEFAULT=y
# CONFIG_SLHC is not set # CONFIG_SLHC is not set
# CONFIG_SLICOSS is not set # CONFIG_SLICOSS is not set