On Thu, Jan 19, 2017 at 11:11:18AM +0000, Mark Rutland wrote: > > +config HARDENED_MODULE_MAPPINGS > > + bool "Mark module mappings with stricter permissions (RO/W^X)" > > + default y > > + depends on ARCH_HAS_HARDENED_MODULE_MAPPINGS > > + help > > + If this is set, module text and rodata memory will be made read-only, > > + and non-text memory will be made non-executable. This provides > > + protection against certain security vulnerabilities (e.g. modifying > > + code) > > + > > + Unless your system has known restrictions or performance issues, it > > + is recommended to say Y here. > > + > > I was hoping that we'd make this mandatory, as we'd already done for > DEBUG_RODATA. Same for s390: would be good to make this mandatory. -- To unsubscribe from this list: send the line "unsubscribe linux-s390" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
