CONFIG_GCC_PLUGIN_RANDSTRUCT:

General informations

The Linux kernel configuration item CONFIG_GCC_PLUGIN_RANDSTRUCT has multiple definitions:

found in security/Kconfig.hardening

The configuration item CONFIG_GCC_PLUGIN_RANDSTRUCT:

• prompt:
• type: bool
• depends on: (none)
• defined in security/Kconfig.hardening
• found in Linux kernels: 5.19, 6.0–6.8, 6.9-rc+HEAD

Help text

Use GCC plugin to randomize structure layout.

This plugin was ported from grsecurity/PaX. More information at: * https://grsecurity.net/ * https://pax.grsecurity.net/

Randomize layout of sensitive kernel structures found in scripts/gcc-plugins/Kconfig

The configuration item CONFIG_GCC_PLUGIN_RANDSTRUCT:

• prompt: Randomize layout of sensitive kernel structures
• type: bool
• depends on: (none)
• defined in scripts/gcc-plugins/Kconfig
• found in Linux kernels: 4.19–4.20, 5.0–5.18, 5.18+HEAD

Help text

If you say Y here, the layouts of structures that are entirely function pointers (and have not been manually annotated with __no_randomize_layout), or structures that have been explicitly marked with __randomize_layout, will be randomized at compile-time. This can introduce the requirement of an additional information exposure vulnerability for exploits targeting these structure types.

Enabling this feature will introduce some performance impact, slightly increase memory usage, and prevent the use of forensic tools like Volatility against the system (unless the kernel source tree isn't cleaned after kernel installation).

The seed used for compilation is located at scripts/gcc-plugins/randomize_layout_seed.h. It remains after a make clean to allow for external modules to be compiled with the existing seed and will be removed by a make mrproper or make distclean.

This plugin was ported from grsecurity/PaX. More information at: * https://grsecurity.net/ * https://pax.grsecurity.net/

Randomize layout of sensitive kernel structures found in arch/Kconfig

The configuration item CONFIG_GCC_PLUGIN_RANDSTRUCT:

• prompt: Randomize layout of sensitive kernel structures
• type: bool
• depends on: CONFIG_GCC_PLUGINS
• defined in arch/Kconfig
• found in Linux kernels: 4.13–4.18

Help text

If you say Y here, the layouts of structures that are entirely function pointers (and have not been manually annotated with __no_randomize_layout), or structures that have been explicitly marked with __randomize_layout, will be randomized at compile-time. This can introduce the requirement of an additional information exposure vulnerability for exploits targeting these structure types.

Enabling this feature will introduce some performance impact, slightly increase memory usage, and prevent the use of forensic tools like Volatility against the system (unless the kernel source tree isn't cleaned after kernel installation).

The seed used for compilation is located at scripts/gcc-plgins/randomize_layout_seed.h. It remains after a make clean to allow for external modules to be compiled with the existing seed and will be removed by a make mrproper or make distclean.

Note that the implementation requires gcc 4.7 or newer.

This plugin was ported from grsecurity/PaX. More information at: * https://grsecurity.net/ * https://pax.grsecurity.net/

Hardware

LKDDb

Raw data from LKDDb:

• (none)

Sources

This page is automaticly generated with free (libre, open) software lkddb(see lkddb-sources).

The data is retrived from:

• Linux kernel
• Linux Kernel Driver DataBase (LKDDb)

Automatic links from Google (and ads)

Custom Search

Popular queries: