diff options
author | Laura Abbott <labbott@redhat.com> | 2017-02-06 16:31:58 -0800 |
---|---|---|
committer | Kees Cook <keescook@chromium.org> | 2017-02-07 12:32:52 -0800 |
commit | 0f5bf6d0afe4be6e1391908ff2d6dc9730e91550 (patch) | |
tree | 12c10057175483fe3f3720b37b7ffb5b73241b2a /Documentation/security | |
parent | ad21fc4faa2a1f919bac1073b885df9310dbc581 (diff) |
arch: Rename CONFIG_DEBUG_RODATA and CONFIG_DEBUG_MODULE_RONX
Both of these options are poorly named. The features they provide are
necessary for system security and should not be considered debug only.
Change the names to CONFIG_STRICT_KERNEL_RWX and
CONFIG_STRICT_MODULE_RWX to better describe what these options do.
Signed-off-by: Laura Abbott <labbott@redhat.com>
Acked-by: Jessica Yu <jeyu@redhat.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Diffstat (limited to 'Documentation/security')
-rw-r--r-- | Documentation/security/self-protection.txt | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/Documentation/security/self-protection.txt b/Documentation/security/self-protection.txt index f41dd00e8b98..141acfebe6ef 100644 --- a/Documentation/security/self-protection.txt +++ b/Documentation/security/self-protection.txt @@ -51,8 +51,8 @@ kernel, they are implemented in a way where the memory is temporarily made writable during the update, and then returned to the original permissions.) -In support of this are (the poorly named) CONFIG_DEBUG_RODATA and -CONFIG_DEBUG_SET_MODULE_RONX, which seek to make sure that code is not +In support of this are CONFIG_STRICT_KERNEL_RWX and +CONFIG_STRICT_MODULE_RWX, which seek to make sure that code is not writable, data is not executable, and read-only data is neither writable nor executable. |