Bug 12382 - CONFIG_GCC_PLUGIN_STACKLEAK is not set
Status: CLOSED WONTFIX
Alias: None
Product: IPFire
Classification: Unclassified
Component: ---
Version: 2
Hardware: all All
: - Unknown - Security
Assignee: Peter Müller
Blocks: KERNSEC
Reported: 2020-04-15 19:19 UTC by Peter Müller
Modified: 2023-03-20 15:19 UTC

Description Peter Müller 2020-04-15 19:19:06 UTC
https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project/Recommended_Settings recommends this:

> # Wipe stack contents on syscall exit (reduces stale data lifetime in stack)
> CONFIG_GCC_PLUGIN_STACKLEAK=y
Comment 1 Peter Müller 2020-06-09 17:54:48 UTC
https://patchwork.ipfire.org/patch/3179/
Comment 2 Peter Müller 2023-03-20 15:19:00 UTC
Closing this, since we probably will never be able to enable it, and the security benefit of this feature is questionable in our setup and current kernel configuration.