Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Documents
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
Guide to the Secure Configuration of Fedora
System Settings
Kernel Configuration
Harden common str/mem functions against buffer overflows
Harden common str/mem functions against buffer overflows
An XCCDF Rule
Details
Profiles
Prose
Harden common str/mem functions against buffer overflows
Medium Severity
Detect overflows of buffers in common string and memory functions where the compiler can determine and validate the buffer sizes. This configuration is available from kernel 4.13, but may be available if backported by distros. The configuration that was used to build kernel is available at
/boot/config-*
. To check the configuration value for
CONFIG_FORTIFY_SOURCE
, run the following command:
grep CONFIG_FORTIFY_SOURCE /boot/config-*
For each kernel installed, a line with value "y" should be returned.