linux_hardened: structleak covers structs passed by address

2024-11-01 23:22:37 +00:00 · 2017-11-15 21:39:50 +01:00 · 2017-11-15 21:39:50 +01:00 · 870c86d0ee
commit 870c86d0ee
parent 8ecae36963
1 changed files with 3 additions and 0 deletions
--- a/pkgs/os-specific/linux/kernel/hardened-config.nix
+++ b/pkgs/os-specific/linux/kernel/hardened-config.nix
@ -100,6 +100,9 @@ GCC_PLUGINS y # Enable gcc plugin options
 ${optionalString (versionAtLeast version "4.11") ''
  GCC_PLUGIN_STRUCTLEAK y # A port of the PaX structleak plugin
 ''}
+${optionalString (versionAtLeast version "4.14") ''
+  GCC_PLUGIN_STRUCTLEAK_BYREF_ALL y # Also cover structs passed by address
+''}

 # Disable various dangerous settings
 ACPI_CUSTOM_METHOD n # Allows writing directly to physical memory