diff options
Diffstat (limited to 'security/Kconfig.hardening')
| -rw-r--r-- | security/Kconfig.hardening | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/security/Kconfig.hardening b/security/Kconfig.hardening index 45748379f896..23ffb0d7c845 100644 --- a/security/Kconfig.hardening +++ b/security/Kconfig.hardening @@ -282,6 +282,15 @@ endmenu menu "Bounds checking" +config FORTIFY_SOURCE + bool "Harden common str/mem functions against buffer overflows" + depends on ARCH_HAS_FORTIFY_SOURCE + # https://github.com/llvm/llvm-project/issues/53645 + depends on !CC_IS_CLANG || !X86_32 + help + Detect overflows of buffers in common string and memory functions + where the compiler can determine and validate the buffer sizes. + config HARDENED_USERCOPY bool "Harden memory copies between kernel and userspace" imply STRICT_DEVMEM |