This activates CONFIG_SLAB_FREELIST_RANDOM.
This option make the free list less predictable. This makes it harder to
exploit heap based security vulnerabilities.
This adds a little bit more code to the kernel and a small additional
compute overhead.
This option is activated in Debian by default.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
# CONFIG_SLAB is not set
CONFIG_SLABINFO=y
CONFIG_SLAB_FREELIST_HARDENED=y
-# CONFIG_SLAB_FREELIST_RANDOM is not set
+CONFIG_SLAB_FREELIST_RANDOM=y
CONFIG_SLAB_MERGE_DEFAULT=y
# CONFIG_SLHC is not set
# CONFIG_SLICOSS is not set
# CONFIG_SLAB is not set
CONFIG_SLABINFO=y
CONFIG_SLAB_FREELIST_HARDENED=y
-# CONFIG_SLAB_FREELIST_RANDOM is not set
+CONFIG_SLAB_FREELIST_RANDOM=y
CONFIG_SLAB_MERGE_DEFAULT=y
# CONFIG_SLHC is not set
# CONFIG_SLICOSS is not set