1 files changed, 26 insertions, 0 deletions

diff --git a/sys-kernel/cairn-sources/files/5.10.10/hardened-patches/0019-disable-MODIFY_LDT_SYSCALL-by-default.patch b/sys-kernel/cairn-sources/files/5.10.10/hardened-patches/0019-disable-MODIFY_LDT_SYSCALL-by-default.patch
new file mode 100644
index 000000000000..0b678d5296ad
--- /dev/null
+++ b/sys-kernel/cairn-sources/files/5.10.10/hardened-patches/0019-disable-MODIFY_LDT_SYSCALL-by-default.patch
@@ -0,0 +1,26 @@
+From bbfa74d67f0577c7660978068e201135faa93c8e Mon Sep 17 00:00:00 2001
+From: Daniel Micay <danielmicay@gmail.com>
+Date: Thu, 4 May 2017 18:16:16 -0400
+Subject: [PATCH 019/113] disable MODIFY_LDT_SYSCALL by default
+
+Signed-off-by: Daniel Micay <danielmicay@gmail.com>
+Signed-off-by: Levente Polyak <levente@leventepolyak.net>
+---
+ arch/x86/Kconfig | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
+index 7b9df510469b..63e1e9fc18dd 100644
+--- a/arch/x86/Kconfig
++++ b/arch/x86/Kconfig
+@@ -2393,7 +2393,6 @@ config CMDLINE_OVERRIDE
+ 
+ config MODIFY_LDT_SYSCALL
+ 	bool "Enable the LDT (local descriptor table)"
+-	default y
+ 	help
+ 	  Linux can allow user programs to install a per-process x86
+ 	  Local Descriptor Table (LDT) using the modify_ldt(2) system
+-- 
+2.30.0
+