mirror of
https://github.com/vincentmli/bpfire.git
synced 2026-04-27 03:07:43 +02:00
4c46e7f818
To quote from the kernel documentation: > If you say Y here, the layouts of structures that are entirely > function pointers (and have not been manually annotated with > __no_randomize_layout), or structures that have been explicitly > marked with __randomize_layout, will be randomized at compile-time. > This can introduce the requirement of an additional information > exposure vulnerability for exploits targeting these structure > types. > > Enabling this feature will introduce some performance impact, > slightly increase memory usage, and prevent the use of forensic > tools like Volatility against the system (unless the kernel > source tree isn't cleaned after kernel installation). > > The seed used for compilation is located at > scripts/gcc-plgins/randomize_layout_seed.h. It remains after > a make clean to allow for external modules to be compiled with > the existing seed and will be removed by a make mrproper or > make distclean. > > Note that the implementation requires gcc 4.7 or newer. Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Acked-by: Michael Tremer <michael.tremer@ipfire.org>