User contributions
Jump to navigation
Jump to search
- 19:42, 1 May 2024 diff hist −13 Kernel Self Protection Project/Recommended Settings need to disable fineibt with a boot param, there's no way to disable it with Kconfig yet current
- 22:22, 26 April 2024 diff hist +44 Kernel Self Protection Project/Recommended Settings →CONFIGs: CONFIG_SECURITY_SELINUX_DEBUG
- 21:54, 26 April 2024 diff hist +39 Kernel Self Protection Project/Recommended Settings →CONFIGs: CONFIG_MODULE_FORCE_LOAD
- 21:53, 26 April 2024 diff hist +223 Kernel Self Protection Project/Recommended Settings →sysctls: kernel.modules_disabled
- 21:50, 26 April 2024 diff hist +50 m Kernel Self Protection Project/Recommended Settings →CONFIGs
- 21:49, 26 April 2024 diff hist +37 m Kernel Self Protection Project/Recommended Settings →kernel command line options
- 21:49, 26 April 2024 diff hist +156 Kernel Self Protection Project/Recommended Settings →CONFIGs: CONFIG_SLAB_MERGE_DEFAULT
- 21:46, 26 April 2024 diff hist +35 Kernel Self Protection Project/Recommended Settings →CONFIGs: CONFIG_KFENCE_SAMPLE_INTERVAL
- 21:44, 26 April 2024 diff hist +98 m Kernel Self Protection Project/Recommended Settings →sysctls
- 21:42, 26 April 2024 diff hist +130 Kernel Self Protection Project/Recommended Settings →sysctls: warn_limit and oops_limit
- 21:31, 26 April 2024 diff hist +5 Kernel Self Protection Project/Recommended Settings →sysctls: update comment for randomize_va_space
- 21:29, 26 April 2024 diff hist +96 Kernel Self Protection Project/Recommended Settings →arm64: CONFIG_UNWIND_PATCH_PAC_INTO_SCS
- 21:17, 26 April 2024 diff hist +81 Kernel Self Protection Project/Recommended Settings →x86_64: CONFIG_FINEIBT
- 21:15, 26 April 2024 diff hist +96 Kernel Self Protection Project/Recommended Settings →x86_64: CONFIG_X86_KERNEL_IBT
- 21:10, 26 April 2024 diff hist −11 Kernel Self Protection Project/Recommended Settings →sysctls: clarify userfaultfd, fix typo
- 21:08, 26 April 2024 diff hist +177 Kernel Self Protection Project/Recommended Settings →CONFIGs: CONFIG_MAGIC_SYSRQ_DEFAULT_ENABLE
- 21:02, 26 April 2024 diff hist +24 Kernel Self Protection Project/Recommended Settings →CONFIGs: CONFIG_LIST_HARDENED
- 21:01, 26 April 2024 diff hist +32 Kernel Self Protection Project/Recommended Settings →CONFIGs: CONFIG_RANDOM_KMALLOC_CACHES
- 21:00, 26 April 2024 diff hist +14 m Kernel Self Protection Project/Recommended Settings →CONFIGs
- 20:58, 26 April 2024 diff hist +72 Kernel Self Protection Project/Recommended Settings →x86_64: CONFIG_X86_USER_SHADOW_STACK
- 20:57, 26 April 2024 diff hist +111 Kernel Self Protection Project/Recommended Settings →CONFIGs: CONFIG_PAGE_TABLE_CHECK
- 19:04, 20 October 2023 diff hist +4 Kernel Self Protection Project/Recommended Settings Update kernel hardening checker URL (and name).
- 19:03, 20 October 2023 diff hist +145 Kernel Self Protection Project/Recommended Settings →CONFIGs
- 18:51, 20 October 2023 diff hist −19 Kernel Self Protection Project/Recommended Settings →kernel command line options
- 18:50, 20 October 2023 diff hist +89 Kernel Self Protection Project/Recommended Settings →CONFIGs
- 18:48, 20 October 2023 diff hist −1 m Kernel Self Protection Project/Recommended Settings →x86_64: typo noticed by Alexander Popov
- 23:09, 30 September 2023 diff hist +921 Kernel Self Protection Project/Recommended Settings →sysctls: From Alexander Popov: lock down things even harder.
- 22:55, 30 September 2023 diff hist +127 Kernel Self Protection Project/Recommended Settings →kernel command line options: From Alexander Popov, adding options for maybe missing CONFIGs
- 22:45, 30 September 2023 diff hist +11 m Kernel Self Protection Project/Recommended Settings →kernel command line options
- 22:44, 30 September 2023 diff hist +105 Kernel Self Protection Project/Recommended Settings →kernel command line options: From Alexander Popov: enable page shuffling in case CONFIG is unset.
- 22:42, 30 September 2023 diff hist +97 Kernel Self Protection Project/Recommended Settings →kernel command line options: From Alexander Popov: disable smt when needed
- 22:38, 30 September 2023 diff hist +45 Kernel Self Protection Project/Recommended Settings →x86_64: compile out vsyscall by default
- 00:31, 10 February 2023 diff hist +26 m Kernel Self Protection Project/Get Involved add TZ to calendar link current
- 19:46, 25 January 2023 diff hist 0 Kernel Self Protection Project/Get Involved
- 19:45, 25 January 2023 diff hist +223 Kernel Self Protection Project/Get Involved add calendar
- 22:50, 1 November 2022 diff hist +37 Kernel Self Protection Project/Recommended Settings →x86_64
- 22:50, 1 November 2022 diff hist +88 Kernel Self Protection Project/Recommended Settings →arm64
- 22:48, 1 November 2022 diff hist +33 Kernel Self Protection Project/Recommended Settings →x86_64
- 16:50, 28 October 2022 diff hist +56 Kernel Self Protection Project →Principles current
- 03:17, 15 October 2022 diff hist +102 Kernel Self Protection Project/Recommended Settings →sysctls
- 03:16, 15 October 2022 diff hist +102 Kernel Self Protection Project/Recommended Settings →CONFIGs
- 02:25, 14 October 2022 diff hist +97 Kernel Self Protection Project/Recommended Settings →x86_32: iommu
- 15:17, 13 October 2022 diff hist +375 Kernel Self Protection Project/Recommended Settings →CONFIGs
- 14:49, 13 October 2022 diff hist +104 Kernel Self Protection Project/Recommended Settings →x86_64: CFI
- 20:12, 11 October 2022 diff hist +19 Kernel Self Protection Project/Recommended Settings →CONFIGs
- 03:00, 10 October 2022 diff hist +67 Kernel Self Protection Project/Recommended Settings →CONFIGs: Alexander recommendation
- 02:58, 10 October 2022 diff hist +45 Kernel Self Protection Project/Recommended Settings →x86_64
- 02:57, 10 October 2022 diff hist +568 Kernel Self Protection Project/Recommended Settings →arm64: arm64 CFI and things, thanks to Alexander for the ping
- 02:41, 10 October 2022 diff hist +740 Kernel Self Protection Project/Recommended Settings →CONFIGs: next chunk from Alexander. RNG trust source setting are my recommendation, though.
- 02:29, 10 October 2022 diff hist +944 Kernel Self Protection Project/Recommended Settings →CONFIGs: add settings for recent kernels, thanks to Alexander Popov for the prodding and specific suggestions.
- 21:56, 19 August 2022 diff hist +240 Kernel Self Protection Project/Recommended Settings →CONFIGs: add note about Landlock thanks to Mickaël Salaün
- 08:18, 8 May 2022 diff hist +178 Kernel Self Protection Project →Documentation: add Samsung analysis
- 22:03, 30 March 2022 diff hist +134 Kernel Self Protection Project/Recommended Settings →CONFIGs: CONFIG_SCHED_CORE
- 21:57, 30 March 2022 diff hist +138 Kernel Self Protection Project/Recommended Settings →CONFIGs: add kfence
- 21:55, 30 March 2022 diff hist −193 Kernel Self Protection Project/Recommended Settings move randomized kstack to all archs, since it's only missing on arm. fix name of trivial-auto-var-init feature enablement
- 21:52, 30 March 2022 diff hist +33 Kernel Self Protection Project/Recommended Settings Ah, koffset_default was already there. Add iommu default boot param too.
- 21:49, 30 March 2022 diff hist +1 m Kernel Self Protection Project/Recommended Settings →CONFIGs
- 21:49, 30 March 2022 diff hist +560 Kernel Self Protection Project/Recommended Settings →CONFIGs: add various bits noted as missing by Peter Böhm
- 23:39, 24 March 2022 diff hist +1 m Kernel Self Protection Project/Patch Tracking →Process: fix "in next" link current
- 20:29, 14 February 2022 diff hist −18 Kernel Self Protection Project →Documentation
- 20:28, 14 February 2022 diff hist −32 Kernel Self Protection Project →Details: don't make these sections of their own, just a list so the Contents links aren't confusing.
- 22:50, 26 October 2021 diff hist +585 Kernel Self Protection Project/Patch Tracking →Process: adjust process for "Needs ACK"
- 15:20, 21 October 2021 diff hist −30 m Kernel Self Protection Project/Patch Tracking swap "Awaiting Upstream" for "In Next"
- 22:11, 20 October 2021 diff hist +13 m Kernel Self Protection Project/Patch Tracking fix formatting
- 22:07, 20 October 2021 diff hist +2,654 N Kernel Self Protection Project/Patch Tracking process overview
- 21:27, 20 October 2021 diff hist +10 m Kernel Self Protection Project →Details
- 21:27, 20 October 2021 diff hist +65 Kernel Self Protection Project →Details: adding a link to patch tracking process
- 18:10, 12 August 2021 diff hist +44 N KSPP add shortened redirect page current Tag: New redirect
- 05:35, 27 May 2021 diff hist +2 Kernel Self Protection Project/Get Involved ditch freenode
- 23:14, 5 April 2021 diff hist +74 Kernel Self Protection Project/Recommended Settings →x86_32
- 23:14, 5 April 2021 diff hist +74 Kernel Self Protection Project/Recommended Settings →x86_64
- 11:00, 9 November 2020 diff hist +2 m Kernel Self Protection Project/Recommended Settings →kernel command line options
- 17:47, 18 October 2020 diff hist +202 Kernel Self Protection Project/Recommended Settings →sysctls: add notes about sysctl to CONFIG mappings
- 17:37, 18 October 2020 diff hist +142 Kernel Self Protection Project/Recommended Settings →CONFIGs: suggest the CONFIG form of kernel.dmesg_restrict sysctl
- 17:29, 18 October 2020 diff hist +279 Kernel Self Protection Project/Recommended Settings →kernel command line options: add some more ideas from Simon Ruderich
- 17:23, 18 October 2020 diff hist +6 m Kernel Self Protection Project/Get Involved →Pick something to work on
- 22:22, 5 October 2020 diff hist +309 Kernel Self Protection Project/Get Involved moar cleanup
- 22:13, 5 October 2020 diff hist +236 Kernel Self Protection Project/Get Involved more cleanup
- 22:09, 5 October 2020 diff hist 0 m Kernel Self Protection Project/Get Involved
- 22:08, 5 October 2020 diff hist +528 Kernel Self Protection Project/Get Involved update list descriptions, tweak capitalization, and split up contribution guildeline better
- 17:18, 29 September 2020 diff hist +173 Kernel Self Protection Project/Get Involved update mailing list
- 18:41, 10 August 2020 diff hist −2,674 Kernel Self Protection Project/Work the issue track is canonical now current
- 01:46, 19 March 2020 diff hist −2 m Kernel Self Protection Project/Recommended Settings
- 01:45, 19 March 2020 diff hist +191 Kernel Self Protection Project/Recommended Settings
- 22:28, 18 March 2020 diff hist +2 m Kernel Self Protection Project/Recommended Settings →arm
- 22:28, 18 March 2020 diff hist +113 Kernel Self Protection Project/Recommended Settings →x86_32
- 22:26, 18 March 2020 diff hist 0 Kernel Self Protection Project/Recommended Settings re-arrange arch sections
- 22:25, 18 March 2020 diff hist +128 Kernel Self Protection Project/Recommended Settings →x86_32
- 18:33, 5 March 2020 diff hist 0 m Kernel Self Protection Project/Recommended Settings →kernel command line options
- 18:33, 5 March 2020 diff hist 0 m Kernel Self Protection Project/Recommended Settings →CONFIGs: swap some "=1" to the correct "=y"
- 17:42, 4 March 2020 diff hist +970 Kernel Self Protection Project/Recommended Settings update for v5.4
- 17:43, 20 November 2019 diff hist +128 Kernel Self Protection Project/Work →Specific TODO Items: add github tracker
- 21:47, 11 April 2019 diff hist +468 Kernel Self Protection Project/Work →Specific TODO Items
- 00:29, 10 January 2019 diff hist +93 Kernel Self Protection Project/Recommended Settings →CONFIGs: Rename stack protector configs since v4.18
- 22:25, 31 October 2018 diff hist +90 Kernel Self Protection Project/Work →Specific TODO Items
- 08:37, 25 October 2018 diff hist +11 m Kernel Self Protection Project/Get Involved
- 08:33, 25 October 2018 diff hist +73 Kernel Self Protection Project/Get Involved whoops, forgot the IRC
- 23:05, 21 June 2018 diff hist +61 Kernel Self Protection Project/Recommended Settings →CONFIGs
- 19:43, 8 May 2018 diff hist 0 m Kernel Self Protection Project/Recommended Settings →kernel command line options
- 22:06, 4 May 2018 diff hist +162 Kernel Self Protection Project/Recommended Settings →sysctls
- 18:41, 23 April 2018 diff hist +56 m Kernel Self Protection Project/Recommended Settings →arm64
- 18:41, 23 April 2018 diff hist +128 Kernel Self Protection Project/Recommended Settings →x86_64
- 18:39, 23 April 2018 diff hist +105 Kernel Self Protection Project/Recommended Settings →kernel command line options
- 18:38, 23 April 2018 diff hist +71 Kernel Self Protection Project/Recommended Settings →arm64
- 18:38, 23 April 2018 diff hist +107 Kernel Self Protection Project/Recommended Settings →CONFIGs
- 02:42, 22 February 2018 diff hist +9 Kernel Self Protection Project/Recommended Settings →CONFIGs
- 19:03, 7 December 2017 diff hist +792 Kernel Self Protection Project/Recommended Settings →CONFIGs
- 22:27, 18 September 2017 diff hist +41 Kernel Self Protection Project/Recommended Settings
- 20:28, 10 August 2017 diff hist +140 Kernel Self Protection Project/Recommended Settings →CONFIGs: CONFIG_SECURITY_SELINUX_DISABLE
- 05:20, 4 August 2017 diff hist −5 m Kernel Self Protection Project →Documentation
- 05:20, 4 August 2017 diff hist +47 m Kernel Protections/refcount t →Reference Counting API current
- 05:19, 4 August 2017 diff hist +3 m Kernel Protections/refcount t →Summary
- 05:18, 4 August 2017 diff hist +43 N Kernel Protections/HARDENED ATOMIC KeesCook moved page Kernel Protections/HARDENED ATOMIC to Kernel Protections/refcount t current
- 05:18, 4 August 2017 diff hist 0 m Kernel Protections/refcount t KeesCook moved page Kernel Protections/HARDENED ATOMIC to Kernel Protections/refcount t
- 05:18, 4 August 2017 diff hist −20 m Kernel Self Protection Project →Documentation
- 03:35, 25 July 2017 diff hist +32 Kernel Self Protection Project/Recommended Settings →CONFIGs
- 19:13, 23 June 2017 diff hist +91 Kernel Self Protection Project/Recommended Settings →kernel command line options
- 23:47, 5 June 2017 diff hist −2 m Kernel Self Protection Project/Recommended Settings →CONFIGs
- 23:43, 5 June 2017 diff hist −7 Kernel Self Protection Project →Details
- 23:43, 5 June 2017 diff hist +41 Kernel Self Protection Project →Details
- 23:42, 5 June 2017 diff hist +26 Kernel Self Protection Project/Recommended Settings
- 23:40, 5 June 2017 diff hist +62 Kernel Self Protection Project/Work
- 23:39, 5 June 2017 diff hist +42 Kernel Self Protection Project/Get Involved
- 23:39, 5 June 2017 diff hist −2,922 Kernel Self Protection Project
- 23:37, 5 June 2017 diff hist +2,991 N Kernel Self Protection Project/Work Created page with "= Work Areas = While there are already a number of upstream kernel security features, we are still missing many. While the following is far from a comprehens..."
- 23:36, 5 June 2017 diff hist +53 Kernel Self Protection Project →Specific TODO Items: DEBUG_RODATA was renamed
- 23:35, 5 June 2017 diff hist +62 m Kernel Self Protection Project
- 23:33, 5 June 2017 diff hist −2,595 Kernel Self Protection Project continue collapsing top-level topics into sub pages
- 23:32, 5 June 2017 diff hist +2,611 Kernel Self Protection Project/Get Involved
- 23:31, 5 June 2017 diff hist −6,254 Kernel Self Protection Project this page is too long
- 23:26, 5 June 2017 diff hist +6,289 N Kernel Self Protection Project/Recommended Settings Created page with "People ask from time to time what a good security set of build CONFIGs and runtime sysctl are. This is a brain-dump of the various options for a particularly paranoid system. ..."
- 23:24, 5 June 2017 diff hist −2,611 Kernel Self Protection Project/Get Involved Blanked the page
- 23:22, 5 June 2017 diff hist +2,611 N Kernel Self Protection Project/Get Involved Created page with "Want to get involved? [http://www.openwall.com/lists/#subscribe Join] the [http://www.openwall.com/lists/kernel-hardening/ kernel hardening mailing list]. = Introduce Yoursel..."
- 23:21, 5 June 2017 diff hist +668 Kernel Self Protection Project →Patch Contribution Guidelines
- 19:29, 5 June 2017 diff hist +44 m Kernel Self Protection Project →Patch Contribution Guidelines
- 19:27, 5 June 2017 diff hist +1,227 Kernel Self Protection Project →Get Involved
- 21:52, 10 May 2017 diff hist +121 Kernel Self Protection Project →sysctls: USER_NS
- 20:17, 5 May 2017 diff hist +94 Kernel Self Protection Project →CONFIGs: add DEBUG_WX=y
- 19:32, 5 May 2017 diff hist +197 Kernel Self Protection Project rename RODATA, add PAN emu
- 20:33, 29 April 2017 diff hist +18 Kernel Self Protection Project →CONFIGs
- 20:31, 29 April 2017 diff hist +102 Kernel Self Protection Project →CONFIGs
- 19:14, 28 April 2017 diff hist −439 Kernel Self Protection Project →Specific TODO Items
- 23:02, 26 April 2017 diff hist +890 Feature List catch up current
- 22:23, 26 April 2017 diff hist +141 Kernel Self Protection Project →Principles
- 22:19, 26 April 2017 diff hist 0 Kernel Self Protection Project →Mission Statement
- 22:18, 26 April 2017 diff hist +71 Kernel Self Protection Project →Mission Statement
- 22:29, 13 February 2017 diff hist +82 Kernel Self Protection Project →CONFIGs
- 23:54, 10 February 2017 diff hist +157 Kernel Self Protection Project →Specific TODO Items
- 23:51, 10 February 2017 diff hist 0 Kernel Self Protection Project move docs section down to keep "work areas" and "TODOs" together
- 23:51, 10 February 2017 diff hist +128 Kernel Self Protection Project →Documentation
- 23:48, 10 February 2017 diff hist −47 Kernel Self Protection Project →Completed Kernel Protections
- 23:00, 2 February 2017 diff hist +1 Kernel Self Protection Project →CONFIGs
- 21:52, 30 January 2017 diff hist +32 Kernel Self Protection Project →CONFIGs
- 21:49, 30 January 2017 diff hist +89 Kernel Self Protection Project →Specific TODO Items
- 17:25, 1 November 2016 diff hist −3 Kernel Self Protection Project →kernel command line options: Fix typo, thanks to Simon Ruderich
- 15:13, 31 October 2016 diff hist +58 Kernel Self Protection Project →Specific TODO Items
- 20:46, 18 October 2016 diff hist +1,043 Kernel Self Protection Project →Specific TODO Items
- 21:43, 6 October 2016 diff hist +202 Kernel Self Protection Project →CONFIGs
- 19:15, 3 October 2016 diff hist +1 Kernel Self Protection Project →CONFIGs
- 19:14, 3 October 2016 diff hist +1 m Kernel Self Protection Project →kernel command line options
- 19:53, 30 September 2016 diff hist +118 Kernel Self Protection Project →kernel command line options
- 19:52, 30 September 2016 diff hist +316 Kernel Self Protection Project →CONFIGs
- 19:14, 30 September 2016 diff hist +104 Kernel Self Protection Project →sysctls
- 19:53, 15 September 2016 diff hist +14 m Exploit Methods/Userspace data usage →Details
- 19:49, 15 September 2016 diff hist +169 Exploit Methods/Userspace data usage →Details
- 19:48, 15 September 2016 diff hist −2 Exploit Methods/Userspace data usage →Mitigations
- 19:47, 15 September 2016 diff hist +22 Exploit Methods/Userspace execution →Details
- 19:47, 15 September 2016 diff hist −2 Exploit Methods/Userspace execution →Mitigations
- 03:59, 15 September 2016 diff hist +18 m Exploit Methods/Userspace execution →Mitigations
- 03:59, 15 September 2016 diff hist +18 m Exploit Methods/Userspace data usage →Mitigations
- 03:55, 15 September 2016 diff hist +39 Exploit Methods/Userspace execution →Mitigations
- 03:54, 15 September 2016 diff hist +29 Exploit Methods/Userspace data usage →Mitigations
- 03:49, 15 September 2016 diff hist +33 Exploit Methods/Userspace data usage →Mitigations
- 03:49, 15 September 2016 diff hist +4 Exploit Methods/Userspace execution →Mitigations
- 03:48, 15 September 2016 diff hist +2 m Exploit Methods/Userspace data usage →Mitigations
- 03:47, 15 September 2016 diff hist −125 Exploit Methods/Userspace data usage →Mitigations
- 03:46, 15 September 2016 diff hist +16 Exploit Methods/Userspace data usage →Mitigations
- 16:17, 14 September 2016 diff hist +132 Exploit Methods/Function pointer overwrite →Mitigations current