|
|
@@ -809,15 +809,18 @@ config KUSER_HELPERS
|
|
|
the CPU type fitted to the system. This permits binaries to be
|
|
|
run on ARMv4 through to ARMv7 without modification.
|
|
|
|
|
|
+ See Documentation/arm/kernel_user_helpers.txt for details.
|
|
|
+
|
|
|
However, the fixed address nature of these helpers can be used
|
|
|
by ROP (return orientated programming) authors when creating
|
|
|
exploits.
|
|
|
|
|
|
If all of the binaries and libraries which run on your platform
|
|
|
are built specifically for your platform, and make no use of
|
|
|
- these helpers, then you can turn this option off. However,
|
|
|
- when such an binary or library is run, it will receive a SIGILL
|
|
|
- signal, which will terminate the program.
|
|
|
+ these helpers, then you can turn this option off to hinder
|
|
|
+ such exploits. However, in that case, if a binary or library
|
|
|
+ relying on those helpers is run, it will receive a SIGILL signal,
|
|
|
+ which will terminate the program.
|
|
|
|
|
|
Say N here only if you are absolutely certain that you do not
|
|
|
need these helpers; otherwise, the safe option is to say Y.
|
Russell King