Source-Changes-HG archive
[src/trunk]: src/sys/arch/evbarm/conf Add various security options; enables P...
details: https://anonhg.NetBSD.org/src/rev/066c56eb4cb6
branches: trunk
changeset: 345357:066c56eb4cb6
user: christos <christos%NetBSD.org@localhost>
date: Sat May 21 18:31:13 2016 +0000
description:
Add various security options; enables PaX ASLR/MPROTECT
diffstat:
sys/arch/evbarm/conf/GENERIC.common | 27 ++++++++++++++++++++++++++-
1 files changed, 26 insertions(+), 1 deletions(-)
diffs (39 lines):
diff -r f25b06f381db -r 066c56eb4cb6 sys/arch/evbarm/conf/GENERIC.common
--- a/sys/arch/evbarm/conf/GENERIC.common Sat May 21 17:21:40 2016 +0000
+++ b/sys/arch/evbarm/conf/GENERIC.common Sat May 21 18:31:13 2016 +0000
@@ -1,5 +1,5 @@
#
-# $NetBSD: GENERIC.common,v 1.12 2015/11/12 10:48:30 jmcneill Exp $
+# $NetBSD: GENERIC.common,v 1.13 2016/05/21 18:31:13 christos Exp $
#
# GENERIC evbarm kernel config (template)
#
@@ -163,3 +163,28 @@
#pseudo-device clockctl # user control of clock subsystem
pseudo-device ksyms # /dev/ksyms
pseudo-device lockstat # lock profiling
+
+options FILEASSOC # fileassoc(9) - required for Veriexec
+
+# Veriexec
+#
+# a pseudo device needed for veriexec
+pseudo-device veriexec
+#
+# Uncomment the fingerprint methods below that are desired. Note that
+# removing fingerprint methods will have almost no impact on the kernel
+# code size.
+#
+options VERIFIED_EXEC_FP_RMD160
+options VERIFIED_EXEC_FP_SHA256
+options VERIFIED_EXEC_FP_SHA384
+options VERIFIED_EXEC_FP_SHA512
+options VERIFIED_EXEC_FP_SHA1
+options VERIFIED_EXEC_FP_MD5
+
+
+options PAX_ASLR_DEBUG=1 # PaX ASLR debug
+options PAX_SEGVGUARD=0 # PaX Segmentation fault guard
+options PAX_MPROTECT=1 # PaX mprotect(2) restrictions
+options PAX_MPROTECT_DEBUG=1 # PaX mprotect debug
+options PAX_ASLR=1 # PaX Address Space Layout Randomization
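Review bot: `PAX_ASLR_DEBUG=1` and `PAX_MPROTECT_DEBUG=1` at the end of this hunk land in the shared GENERIC template next to the hardening options, and their comments do not say what the debug setting emits. If it logs mapping addresses or denied requests to the kernel message buffer (worth confirming), that would be better kept out of every evbarm kernel by shipping the two lines commented out, e.g. `#options PAX_ASLR_DEBUG=1`. The Veriexec comment says "Uncomment the fingerprint methods below that are desired", yet all six are already enabled, including `VERIFIED_EXEC_FP_MD5` and `VERIFIED_EXEC_FP_SHA1`, which are collision-prone and a weak basis for executable integrity. I would leave those two commented out or reword the comment to match. A short comment on `PAX_SEGVGUARD=0` stating that the value appears to be the boot-time default (built in, off) would also help, since the commit message only mentions ASLR/MPROTECT.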