This change was applied during the Focal development cycle but then
reverted pending performance testing results. That performance testing
work was never finished and I'm no longer working on this bug.
** Changed in: linux (Ubuntu)
Status: Fix Committed => Triaged
** Changed in: linux (Ubuntu)
Assignee: Tyler Hicks (tyhicks) => (unassigned)
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1855335
Title:
CONFIG_DEBUG_CREDENTIALS should be enabled
Status in linux package in Ubuntu:
Triaged
Bug description:
We should enable CONFIG_DEBUG_CREDENTIALS to perform sanity checks, such as
verifying usage counts and proper magic values, when handling cred
structs. If a cred sanity check fails a loud warning is printed to the
logs.
The config option raises the bar on the effort required to implement an
exploit based on cred manipulation. CONFIG_DEBUG_CREDENTIALS will not
prevent the attack but may aide an administrator in discovering such an
attack on the system.
This config option is recommended by the Kernel Self Protection
Project[1].
[1]
https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project/Recommended_Settings
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1855335/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
