Bug 12382

Summary: CONFIG_GCC_PLUGIN_STACKLEAK is not set
Product: IPFire
Reporter: Peter Müller <peter.mueller>
Component: ---
Assignee: Peter Müller <peter.mueller>
Status: CLOSED WONTFIX
QA Contact:
Severity: Security
Priority: - Unknown -
CC: peter.mueller
Version: 2
Hardware: all
OS: All
Bug Depends on:
Bug Blocks: 12361

Description Peter Müller 2020-04-15 19:19:06 UTC
https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project/Recommended_Settings recommends this:

> # Wipe stack contents on syscall exit (reduces stale data lifetime in stack)
> CONFIG_GCC_PLUGIN_STACKLEAK=y

Comment 1 Peter Müller 2020-06-09 17:54:48 UTC
https://patchwork.ipfire.org/patch/3179/

Comment 2 Peter Müller 2023-03-20 15:19:00 UTC
Closing this, since we probably will never be able to enable it, and the security benefit of this feature is questionable in our setup and current kernel configuration.