lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 7 Feb 2008 11:43:43 +0100 (CET) From: Geert Uytterhoeven <Geert.Uytterhoeven@...ycom.com> To: Ingo Molnar <mingo@...e.hu> cc: Jiri Kosina <jkosina@...e.cz>, Andrew Morton <akpm@...ux-foundation.org>, Arjan van de Ven <arjan@...radead.org>, Randy Dunlap <randy.dunlap@...cle.com>, Hugh Dickins <hugh@...itas.com>, Pavel Machek <pavel@....cz>, linux-kernel@...r.kernel.org Subject: Re: [PATCH 2/2] ASLR: add possibility for more fine-grained tweaking On Thu, 7 Feb 2008, Ingo Molnar wrote: > * Geert Uytterhoeven <Geert.Uytterhoeven@...ycom.com> wrote: > > On Wed, 6 Feb 2008, Ingo Molnar wrote: > > > @@ -541,6 +541,18 @@ config ELF_CORE > > > help > > > Enable support for generating core dumps. Disabling saves about 4k. > > > > > > +config COMPAT_BRK > > > + bool "Disable heap randomization" > > > + default y > > > + help > > > + Randomizing heap placement makes heap exploits harder, but it > > > + also breaks ancient binaries (including anything libc5 based). > > > + This option changes the bootup default to heap randomization > > > + disabled, and can be overriden runtime by setting > > > + /proc/sys/kernel/randomize_va_space to 2. > > > + > > > + On non-ancient distros (post-2000 ones) Y is usually a safe choice. > > > > Somehow my belly feeling tells me something is wrong with this description... > > > > Ah, a negative option (Y -> disable). So Y is always safe. > > > > `non-ancient distros' really means `recent distros', and if you have > > one, then _N_ should be a safe choice, too? > > yeah, you are right :-) I'll fix this. > > btw., "non-ancient distros" does not just mean "recent distros", it > really means "just about any distro you picked up in the past 10 years". > You'd have to go out on a limb to find something historic (or keep > copying /lib/libc5 binaries to new distros like Pavel did) to still have > this particular libc5 assumption/breakage. [ Or at least so i hope =B-)] Bummer, I guess my good old m68k recovery ramdisk is affected ;-) With kind regards, Geert Uytterhoeven Software Architect Sony Network and Software Technology Center Europe The Corporate Village · Da Vincilaan 7-D1 · B-1935 Zaventem · Belgium Phone: +32 (0)2 700 8453 Fax: +32 (0)2 700 8622 E-mail: Geert.Uytterhoeven@...ycom.com Internet: http://www.sony-europe.com/ Sony Network and Software Technology Center Europe A division of Sony Service Centre (Europe) N.V. Registered office: Technologielaan 7 · B-1840 Londerzeel · Belgium VAT BE 0413.825.160 · RPR Brussels Fortis Bank Zaventem · Swift GEBABEBB08A · IBAN BE39001382358619
Powered by blists - more mailing lists