[PATCH] Document randomize_va_space and CONFIG_COMPAT_BRK (was Re: [PATCH 2/2] ASLR: add possibility for more fine-grained tweaking)

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

[view in full thread]

From: Jiri Kosina <jkosina@...>

To: Ingo Molnar <mingo@...>

Cc: Andrew Morton <akpm@...>, Arjan van de Ven <arjan@...>, Randy Dunlap <randy.dunlap@...>, Hugh Dickins <hugh@...>, Pavel Machek <pavel@...>, <linux-kernel@...>

Subject: [PATCH] Document randomize_va_space and CONFIG_COMPAT_BRK (was Re: [PATCH 2/2] ASLR: add possibility for more fine-grained tweaking)

Date: Wednesday, February 6, 2008 - 12:26 pm

On Wed, 6 Feb 2008, Ingo Molnar wrote:

quoted text> i've already added the patch below to x86.git.

OK, cool, thanks.

Still, I think that we want the Documentation/sysctl/kernel.txt part of my 
patch probably. Updated patch below.


From: Jiri Kosina <jkosina@suse.cz>

Document randomize_va_space and CONFIG_COMPAT_BRK

diff --git a/Documentation/sysctl/kernel.txt b/Documentation/sysctl/kernel.txt
index 8984a53..dc8801d 100644
--- a/Documentation/sysctl/kernel.txt
+++ b/Documentation/sysctl/kernel.txt
@@ -41,6 +41,7 @@ show up in /proc/sys/kernel:
 - pid_max
 - powersave-nap               [ PPC only ]
 - printk
+- randomize_va_space
 - real-root-dev               ==> Documentation/initrd.txt
 - reboot-cmd                  [ SPARC only ]
 - rtsig-max
@@ -280,6 +281,34 @@ send before ratelimiting kicks in.
 
 ==============================================================
 
+randomize-va-space:
+
+This option can be used to select the type of process address
+space randomization that is used in the system, for architectures
+that support this feature.
+
+0 - Turn the process address space randomization off by default.
+
+1 - Make the addresses of mmap base, stack and VDSO page randomized.
+    This, among other things, implies that shared libraries will be
+    loaded to random addresses. Also for PIE-linked binaries, the location
+    of code start is randomized.
+
+    With heap randomization, the situation is a little bit more
+    complicated.
+    There a few legacy applications out there (such as some ancient
+    versions of libc.so.5 from 1996) that assume that brk area starts
+    just after the end of the code+bss. These applications break when
+    start of the brk area is randomized. There are however no known
+    non-legacy applications that would be broken this way, so for most
+    systems it is safe to choose full randomization. However there is
+    a CONFIG_COMPAT_BRK option for systems with ancient and/or broken
+    binaries, that makes heap non-randomized, but keeps all other
+    parts of process address space randomized if randomize_va_space
+    sysctl is turned on.
+
+==============================================================
+
 reboot-cmd: (Sparc only)
 
 ??? This seems to be a way to give an argument to the Sparc
--
unsubscribe noticeTo unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

[PATCH 0/2] brk and randomization fixes, Jiri Kosina, (Wed Feb 6, 9:45 am)

[PATCH 2/2] ASLR: add possibility for more fine-grained twea..., Jiri Kosina, (Wed Feb 6, 9:45 am)

Re: [PATCH 2/2] ASLR: add possibility for more fine-grained ..., Ingo Molnar, (Wed Feb 6, 9:49 am)

Re: [PATCH 2/2] ASLR: add possibility for more fine-grained ..., Geert Uytterhoeven, (Thu Feb 7, 6:23 am)

Re: [PATCH 2/2] ASLR: add possibility for more fine-grained ..., Ingo Molnar, (Thu Feb 7, 6:32 am)

Re: [PATCH 2/2] ASLR: add possibility for more fine-grained ..., Geert Uytterhoeven, (Thu Feb 7, 6:43 am)

Re: [PATCH 2/2] ASLR: add possibility for more fine-grained ..., Ismail , (Thu Feb 7, 6:31 am)

[PATCH] Document randomize_va_space and CONFIG_COMPAT_BRK (w..., Jiri Kosina, (Wed Feb 6, 12:26 pm)

Re: [PATCH] Document randomize_va_space and CONFIG_COMPAT_BR..., Ingo Molnar, (Wed Feb 6, 7:10 pm)

Re: [PATCH] Document randomize_va_space and CONFIG_COMPAT_BR..., Jiri Kosina, (Thu Feb 7, 10:30 am)

Re: [PATCH] Document randomize_va_space and CONFIG_COMPAT_BR..., Ingo Molnar, (Thu Feb 7, 11:01 am)

Re: [PATCH] Document randomize_va_space and CONFIG_COMPAT_BR..., Jiri Kosina, (Thu Feb 7, 5:49 am)

[PATCH 1/2] brk: check the lower bound properly, Jiri Kosina, (Wed Feb 6, 9:45 am)


linux-kernel:
Andrew Morton	-mm merge plans for 2.6.23
Greg KH	[GIT PATCH] driver core patches against 2.6.24
Greg KH	Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
Tomasz Kłoczko	Is it time for remove (crap) ALSA from kernel tree ?
git:

linux-netdev:
David Miller	Re: [PATCH] pkt_sched: Destroy gen estimators under rtnl_lock().
David Miller	[GIT]: Networking
Paweł Staszewski	iproute2 action/policer question
Gerrit Renker	[PATCH 27/37] dccp: Integration of dynamic feature activation - part 2 (server side)
openbsd-misc:

[PATCH] Document randomize_va_space and CONFIG_COMPAT_BRK (was Re: [PATCH 2/2] ASLR: add possibility for more fine-grained tweaking)

Online users