Feature List

From Linux Kernel Security Subsystem
Revision as of 22:21, 4 May 2016 by KeesCook (talk | contribs)
Jump to navigation Jump to search

This is a list of various interesting security features since v3.4 and when they were introduced in the upstream kernel. Feel free to add anything more!


Version Feature
v3.5 seccomp-bpf, x86
v3.7 PXN, arm64
v3.8 seccomp-bpf, arm
seccomp reported in /proc/$pid/status
finit_module syscall and LSM hook
v3.13 remove %n from printf
v3.14 ptdump, arm
kaslr, x86
modules ro/nx, arm
stack-protector-strong
kexec_load_disabled
v3.15 seccomp-bpf, mips
lkdtm WRITE_KERN
module aslr, x86
v3.16 harden sysctl writing
v3.17 seccomp syscall and TSYNC
request_firmware LSM hook
v3.18 kernel memory W^X, x86
overlayfs v3.18
v3.19 kernel ro/nx, arm
modules ro/nx, arm64
ptdump, arm64
seccomp-bpf, arm64
PXN, arm
crypto- module prefixing
ecryptfs one-byte heap write fix
arm64 mmap ASLR fix
vdso ASLR fix
vsyscall=none, x86_64
vdso ASLR, mips
v4.0 kernel ro/nx, arm64
stack ASLR fix
seccomp-bpf, RET_ERRNO capped to 4095
v4.1 kernel stack buffer overflow detection, mips
INET_DIAG cookies fixed
ET_DYN ASLR separate from mmap ASLR
v4.3 PAN emulation, arm
ambient capabilities
seccomp-bpf, powerpc
x86_32 direct socket calls
v4.4 vsyscall CONFIG
v4.5 ASLR entropy bits sysctl