** Description changed: - <Placeholder bug for enabling CONFIG_DEBUG_CREDENTIALS> + We should enable CONFIG_DEBUG_CREDENTIALS to perform sanity checks, such as verifying usage counts and proper magic values, when handling cred + structs. If a cred sanity check fails a loud warning is printed to the + logs. + + The config option raises the bar on the effort required to implement an + exploit based on cred manipulation. CONFIG_DEBUG_CREDENTIALS will not + prevent the attack but may aide an administrator in discovering such an + attack on the system. + + This config option is recommended by the Kernel Self Protection + Project[1]. + + [1] + https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project/Recommended_Settings
-- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1855335 Title: CONFIG_DEBUG_CREDENTIALS should be enabled Status in linux package in Ubuntu: In Progress Bug description: We should enable CONFIG_DEBUG_CREDENTIALS to perform sanity checks, such as verifying usage counts and proper magic values, when handling cred structs. If a cred sanity check fails a loud warning is printed to the logs. The config option raises the bar on the effort required to implement an exploit based on cred manipulation. CONFIG_DEBUG_CREDENTIALS will not prevent the attack but may aide an administrator in discovering such an attack on the system. This config option is recommended by the Kernel Self Protection Project[1]. [1] https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project/Recommended_Settings To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1855335/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
