Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sun, 24 Nov 2019 22:12:25 +0100
From: Solar Designer <>
Subject: Re: LKRG compilation hardening flags

On Mon, Nov 18, 2019 at 07:09:00PM +0000, Patrick Schleizer wrote:
> Could you please kindly have a look and let me know if something needs
> fixing?
> (This is what happened building LKRG using DKMS. Shouldn't make a
> difference though, since it is using the usual upstream makefile.)
> checksec -f /lib/modules/4.19.0-6-amd64/updates/dkms/p_lkrg.ko
> RELRO           STACK CANARY      NX            PIE             RPATH
>      RUNPATH	Symbols		FORTIFY	Fortified	Fortifiable  FILE
> No RELRO        Canary found      NX disabled   Not an ELF file   No
> RPATH   No RUNPATH   866 Symbols	Yes	0		2
> /lib/modules/4.19.0-6-amd64/updates/dkms/p_lkrg.ko
> hardening-check /lib/modules/4.19.0-6-amd64/updates/dkms/p_lkrg.ko
> /lib/modules/4.19.0-6-amd64/updates/dkms/p_lkrg.ko:
>  Position Independent Executable: not a known ELF type!? ()
>  Stack protected: yes
>  Fortify Source functions: no, only unprotected functions found!
>  Read-only relocations: no, non-ELF (ignored)
>  Immediate binding: no, non-ELF (ignored)

These scripts you used are meant for userspace binaries, and they only
partially make sense for a kernel module - maybe only for the "stack
protector" check.  I think there's nothing to improve here, but Adam
might want to double-check.

> I guess, should something need fixing, it's a task for the upstream
> makefile?



Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.