Discover Security Projects News
Linux 6.1 Default Kernel Config To Warn At Boot Of W+X Mappings
A change queued up as part of the "x86/mm" TIP changes expected to land for Linux 6.1 will now have the default kernel configuration warn at kernel boot time around any W+X mappings that pose a security risk.
Going back to 2015 has been the "CONFIG_DEBUG_WX" kernel option to warn of mappings at kernel boot time that are set to writable and executable, since they pose a security risk. The intention of this "debug" option is to warn of W+X mappings left by the kernel after applying NX. Any mappings will be dumped to the kernel log for uncovering potential kernel problems.
CONFIG_DEBUG_WX has been happily working on Linux kernel releases for the past seven years albeit not part of the x86/x86_64 default kernel configuration. But with this week's TIP x86/mm changes of material queuing ahead of the Linux 6.1 merge window, CONFIG_DEBUG_WX would be enabled by default.