Commit Graph

3 Commits (33ccfe0e149f19c9d18165fa45b9df4b0c30e881)

Author SHA1 Message Date
Hauke Mehrtens 2164a7bf15 x86: Activate CONFIG_X86_SMAP
This activates "Supervisor Mode Access Prevention". modern CPUs will
prevent the kernel code from accessing any data from the userspace
without the usage of copy_to_user() or copy_from_user()

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-05-11 17:15:41 +02:00
Hauke Mehrtens 75eb8a146d kernel: Deactivate CONFIG_BINFMT_MISC
CONFIG_BINFMT_MISC allows it to add support for new executable formats
to the kernel from user space, the kernel will then detect for example a
java binary and call the java execution program automatically. I am not
aware that this feature is used in OpenWrt and this could be used to
exploit something. Deactivate it for all targets for now.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-05-11 17:15:41 +02:00
Hauke Mehrtens 75fdf3ba01 x86: Add support for kernel 4.19
This adds initial support for kernel 4.19 to the x86 target.
The patches and the kernel configurations were copied from kernel 4.14
and then refreshed.

The legacy and the genode target will not support PAE any more because
they use a CPU type which does not support PAE, the generic sub target
still supports PAE.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-01-12 22:40:36 +01:00