Date: Sun, 24 Nov 2019 22:12:25 +0100 From: Solar Designer <solar@...nwall.com> To: lkrg-users@...ts.openwall.com Subject: Re: LKRG compilation hardening flags On Mon, Nov 18, 2019 at 07:09:00PM +0000, Patrick Schleizer wrote: > Could you please kindly have a look and let me know if something needs > fixing? > > (This is what happened building LKRG using DKMS. Shouldn't make a > difference though, since it is using the usual upstream makefile.) > > checksec -f /lib/modules/4.19.0-6-amd64/updates/dkms/p_lkrg.ko > RELRO STACK CANARY NX PIE RPATH > RUNPATH Symbols FORTIFY Fortified Fortifiable FILE > No RELRO Canary found NX disabled Not an ELF file No > RPATH No RUNPATH 866 Symbols Yes 0 2 > /lib/modules/4.19.0-6-amd64/updates/dkms/p_lkrg.ko > > hardening-check /lib/modules/4.19.0-6-amd64/updates/dkms/p_lkrg.ko > /lib/modules/4.19.0-6-amd64/updates/dkms/p_lkrg.ko: > Position Independent Executable: not a known ELF type!? () > Stack protected: yes > Fortify Source functions: no, only unprotected functions found! > Read-only relocations: no, non-ELF (ignored) > Immediate binding: no, non-ELF (ignored) These scripts you used are meant for userspace binaries, and they only partially make sense for a kernel module - maybe only for the "stack protector" check. I think there's nothing to improve here, but Adam might want to double-check. > I guess, should something need fixing, it's a task for the upstream > makefile? Yes. Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.