On Wed, 06 Sep 2017, Arkadiusz Miśkiewicz wrote: > On Tuesday 05 of September 2017, baggins wrote: > > commit aa2cca690b9ce623e4dac08b9563584530a0a489 > > Author: Jan Rękorajski <bagg...@pld-linux.org> > > Date: Tue Sep 5 23:52:49 2017 +0200 > > > > - disable struct randomization, it's pointless for a distro kernel > > Not pointless - exploit needs to match specific pld kernel directly and > generic or other distro exploits won't work.
What is very easy to accomplish, because you have to expose random seed used during kernel build to be able to build external modules. I'm not strongly opposed to the idea, but you need to make sure external modules will build/work if you really want a slower and bigger kernel for slight increase in security. -- Jan Rękorajski | PLD/Linux SysAdm | baggins<at>pld-linux.org | http://www.pld-linux.org/ _______________________________________________ pld-devel-en mailing list pld-devel-en@lists.pld-linux.org http://lists.pld-linux.org/mailman/listinfo/pld-devel-en