ARM

We should fix all the "only x86" and "not available on ARM" pieces of the qrt kernel security tests:

Build helper tools ... (10.04) ok
/proc/$pid/maps is correctly protected ... ok
ASLR enabled ... ok
ASLR of stack ... ok
ASLR of libs ...  (skipped: only x86) ok
ASLR of mmap ...  (skipped: only x86) ok
ASLR of text ...  (skipped: only x86) ok
ASLR of vdso ...  (skipped: only x86) ok
ASLR of brk ...  (skipped: only x86) ok
Low memory allocation respects mmap_min_addr ... ok
AppArmor loaded ... ok
PR_SET_SECCOMP works ...  (skipped: not available on ARM) ok
/dev/kmem not available ... ok
SYN cookies is enabled ... ok
init's CAPABILITY list is clean ... ok
init missing READ_IMPLIES_EXEC ...  (/proc/1/personality)  (skipped: ARM sets ADDR_LIMIT_32BIT) ok
NX bit is working ... ok
CONFIG_COMPAT_BRK disabled ... ok
CONFIG_DEVKMEM disabled ... ok
CONFIG_SECURITY enabled ... ok
CONFIG_SECURITY_SELINUX enabled ... ok
CONFIG_SYN_COOKIES enabled ... ok
CONFIG_SECCOMP enabled ...  (skipped: not available on ARM) ok
CONFIG_COMPAT_VDSO disabled ... ok
CONFIG_DEBUG_RODATA enabled ...  (skipped: only x86) ok
CONFIG_SECURITY_APPARMOR enabled ... ok
CONFIG_STRICT_DEVMEM enabled ...  (skipped: only x86) ok
CONFIG_SECURITY_FILE_CAPABILITIES enabled ... ok
CONFIG_SECURITY_SMACK enabled ... ok
CONFIG_DEFAULT_MMAP_MIN_ADDR ...  (32768) ok
CONFIG_CC_STACKPROTECTOR set ...  (skipped: not available on ARM) ok
Kernel stack guard ...  (skipped: not available on ARM) ok
Sysctl to disable module loading exists ... ok
Kernel memory leak to userspace in signalstack (CVE-2009-2847) ... ok

SecurityTeam/Roadmap/ARM (last edited 2010-03-17 23:18:02 by c-76-105-168-175)