
Linux 6.1 Default Kernel Config To Warn At Boot Of W+X Mappings


A change queued up as part of the “x86/mm” TIP changes expected to land for Linux 6.1 will have the default kernel configuration warn at kernel boot time about any W+X mappings, which pose a security risk.

The “CONFIG_DEBUG_WX” kernel option dates back to 2015. It warns at kernel boot time of mappings that are both writable and executable, since they pose a security risk. The intention of this “debug” option is to warn of W+X mappings left by the kernel after applying NX. Any such mappings are dumped to the kernel log to help uncover potential kernel problems.

CONFIG_DEBUG_WX has been happily working on Linux kernel releases for the past seven years, albeit not as part of the x86/x86_64 default kernel configuration. But with this week’s TIP x86/mm changes queuing ahead of the Linux 6.1 merge window, CONFIG_DEBUG_WX would be enabled by default.



This commit enables the CONFIG_DEBUG_WX option by default for the i386 and x86_64 defconfigs. Non-x86 architectures are currently unchanged in their DEBUG_WX default configuration. The W+X check only happens at boot time, with no run-time or memory performance impact from this change, so it should be a safe default kernel configuration change for users moving forward.
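
One way to check a host for the behaviour described above, as an added example that is not part of the original article or the kernel tree: it reads a kernel config for CONFIG_DEBUG_WX and classifies the boot-time result from kernel log text. The function names, the log wording being matched and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the CONFIG_DEBUG_WX boot-time check on an x86 host.
# Assumption: the log wording matched below; the article does not quote it.

# Print enabled / disabled / absent / unreadable for a kernel config file.
wx_config_state() {
    [ -r "$1" ] || { echo unreadable; return 0; }
    case "$1" in
        *.gz) reader="gzip -dc" ;;   # e.g. a compressed config dump
        *)    reader="cat" ;;
    esac
    $reader "$1" | awk '
        /^CONFIG_DEBUG_WX=y$/            { state = "enabled" }
        /^# CONFIG_DEBUG_WX is not set$/ { state = "disabled" }
        END { print (state == "" ? "absent" : state) }'
}

# Read kernel log text on stdin; print "pass", "fail <pages>" or "not-run".
# "not-run" means no W+X check line was logged (option off, or log overwritten).
wx_boot_verdict() {
    awk '
        /Checked W\+X mappings: passed/ { verdict = "pass" }
        /Found insecure W\+X mapping/   { if (verdict == "") verdict = "fail ?" }
        /Checked W\+X mappings: FAILED/ {
            pages = "?"
            for (i = 1; i < NF; i++) if ($i == "FAILED,") pages = $(i + 1)
            verdict = "fail " pages
        }
        END { print (verdict == "" ? "not-run" : verdict) }'
}

# Constructed sample log lines (not captured from a real machine).
SAMPLE_CLEAN='[    1.234567] x86/mm: Checked W+X mappings: passed, no W+X pages found.'
SAMPLE_BAD='[    1.234567] x86/mm: Found insecure W+X mapping at address example_sym+0x0/0x1000
[    1.234890] x86/mm: Checked W+X mappings: FAILED, 3 W+X pages found.'

printf 'clean boot: %s\n' "$(printf '%s\n' "$SAMPLE_CLEAN" | wx_boot_verdict)"
printf 'bad boot:   %s\n' "$(printf '%s\n' "$SAMPLE_BAD" | wx_boot_verdict)"
```

On a live system, pipe `dmesg` or `journalctl -k -b` into `wx_boot_verdict`; the config is commonly found at `/boot/config-$(uname -r)`, which is a distribution convention rather than something the article specifies.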
