** Description changed: - <Placeholder bug for enabling CONFIG_DEBUG_CREDENTIALS> + We should enable CONFIG_DEBUG_CREDENTIALS to perform sanity checks, such as verifying usage counts and proper magic values, when handling cred + structs. If a cred sanity check fails a loud warning is printed to the + logs. + + The config option raises the bar on the effort required to implement an + exploit based on cred manipulation. CONFIG_DEBUG_CREDENTIALS will not + prevent the attack but may aide an administrator in discovering such an + attack on the system. + + This config option is recommended by the Kernel Self Protection + Project[1]. + + [1] + https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project/Recommended_Settings
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1855335 Title: CONFIG_DEBUG_CREDENTIALS should be enabled To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1855335/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
