kernel: Enable FORTIFY_SOURCE for 4.13 kernels

This new feature was disabled by default, enable it as it seems sensible to have. From the documentation: Detect overflows of buffers in common string and memory functions where the compiler can determine and validate the buffer sizes. Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2025-07-19 09:16:29 +00:00 · 2017-10-02 14:43:44 +01:00 · 2017-10-02 14:43:44 +01:00 · 6f535f866a
commit 6f535f866a
parent d0e55af229
2 changed files with 2 additions and 2 deletions
--- a/kernel/kernel_config-4.13.x-aarch64
+++ b/kernel/kernel_config-4.13.x-aarch64
@ -3864,7 +3864,7 @@ CONFIG_SECURITY_PATH=y
 CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y
 CONFIG_HARDENED_USERCOPY=y
 # CONFIG_HARDENED_USERCOPY_PAGESPAN is not set
-# CONFIG_FORTIFY_SOURCE is not set
+CONFIG_FORTIFY_SOURCE=y
 CONFIG_STATIC_USERMODEHELPER=y
 CONFIG_STATIC_USERMODEHELPER_PATH="/sbin/usermode-helper"
 # CONFIG_SECURITY_SELINUX is not set
--- a/kernel/kernel_config-4.13.x-x86_64
+++ b/kernel/kernel_config-4.13.x-x86_64
@ -3817,7 +3817,7 @@ CONFIG_SECURITY_PATH=y
 CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y
 CONFIG_HARDENED_USERCOPY=y
 # CONFIG_HARDENED_USERCOPY_PAGESPAN is not set
-# CONFIG_FORTIFY_SOURCE is not set
+CONFIG_FORTIFY_SOURCE=y
 CONFIG_STATIC_USERMODEHELPER=y
 CONFIG_STATIC_USERMODEHELPER_PATH="/sbin/usermode-helper"
 # CONFIG_SECURITY_SELINUX is not set