Feature List
Jump to navigation
Jump to search
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.
This is a list of various interesting security features since v3.4 and when they were introduced in the upstream kernel. Feel free to add anything more!
Version | Feature |
---|---|
v3.5 | seccomp-bpf, x86 |
v3.7 | PXN, arm64 |
v3.8 | seccomp-bpf, arm |
seccomp reported in /proc/$pid/status | |
finit_module syscall and LSM hook | |
v3.13 | remove %n from printf |
v3.14 | ptdump, arm |
kaslr, x86 | |
modules ro/nx, arm | |
stack-protector-strong | |
kexec_load_disabled | |
v3.15 | seccomp-bpf, mips |
lkdtm WRITE_KERN | |
module aslr, x86 | |
v3.16 | harden sysctl writing |
v3.17 | seccomp syscall and TSYNC |
request_firmware LSM hook | |
v3.18 | kernel memory W^X, x86 |
overlayfs v3.18 | |
v3.19 | kernel ro/nx, arm |
modules ro/nx, arm64 | |
ptdump, arm64 | |
seccomp-bpf, arm64 | |
PXN, arm | |
crypto- module prefixing | |
ecryptfs one-byte heap write fix | |
arm64 mmap ASLR fix | |
vdso ASLR fix | |
vsyscall=none, x86_64 | |
vdso ASLR, mips | |
v4.0 | kernel ro/nx, arm64 |
stack ASLR fix | |
seccomp-bpf, RET_ERRNO capped to 4095 | |
v4.1 | kernel stack buffer overflow detection, mips |
INET_DIAG cookies fixed | |
ET_DYN ASLR separate from mmap ASLR | |
v4.3 | PAN emulation, arm |
ambient capabilities | |
seccomp-bpf, powerpc | |
x86_32 direct socket calls | |
v4.4 | vsyscall CONFIG |
v4.5 | ASLR entropy bits sysctl |