When was ASLR introduced in the Linux kernel?

When was ASLR introduced in the Linux kernel?

[Victor van der Veen]

Hi,

- When was ASLR introduced in the Linux kernel (not PaX/ExecShield)? 
- When was ASLR enabled by default? 
- What's the current state of ASLR in the Linux kernel? Is it still
under development? Or should we rely on the PaX/ExecShield patches?

Wikipedia states that "a weak form of ASLR exists in the linux kernel
since version 2.6.12 (June 2005)", but I could not find any proof that
backs this up. I grepped changelogs of the entire 2.6 kernel, but I was
unable to find any relevant information. Grepping the source code did
not help either. Any more Google results all quote the same wikipedia
line. 

Thanks,
Victor van der Veen

Re: When was ASLR introduced in the Linux kernel?

[Eric Dumazet]

Le mardi 30 novembre 2010 à 12:47 +0100, Victor van der Veen a écrit :
> Hi,
> 
> - When was ASLR introduced in the Linux kernel (not PaX/ExecShield)? 
> - When was ASLR enabled by default? 
> - What's the current state of ASLR in the Linux kernel? Is it still
> under development? Or should we rely on the PaX/ExecShield patches?
> 
> Wikipedia states that "a weak form of ASLR exists in the linux kernel
> since version 2.6.12 (June 2005)", but I could not find any proof that
> backs this up. I grepped changelogs of the entire 2.6 kernel, but I was
> unable to find any relevant information. Grepping the source code did
> not help either. Any more Google results all quote the same wikipedia
> line. 
> 

randomize-va-space:

echo  val >/proc/sys/kernel/randomize_va_space


vi +391 Documentation/sysctl/kernel.txt

This option can be used to select the type of process address
space randomization that is used in the system, for architectures
that support this feature.

0 - Turn the process address space randomization off.  This is the
    default for architectures that do not support this feature anyways,
    and kernels that are booted with the "norandmaps" parameter.

1 - Make the addresses of mmap base, stack and VDSO page randomized.
    This, among other things, implies that shared libraries will be
    loaded to random addresses.  Also for PIE-linked binaries, the
    location of code start is randomized.  This is the default if the
    CONFIG_COMPAT_BRK option is enabled.

2 - Additionally enable heap randomization.  This is the default if
    CONFIG_COMPAT_BRK is disabled.

    There are a few legacy applications out there (such as some ancient
    versions of libc.so.5 from 1996) that assume that brk area starts
    just after the end of the code+bss.  These applications break when
    start of the brk area is randomized.  There are however no known
    non-legacy applications that would be broken this way, so for most
    systems it is safe to choose full randomization.

    Systems with ancient and/or broken binaries should be configured
    with CONFIG_COMPAT_BRK enabled, which excludes the heap from process
    address space randomization.

Re: When was ASLR introduced in the Linux kernel?

[Victor van der Veen]

> > 
> > - When was ASLR introduced in the Linux kernel (not PaX/ExecShield)? 
> > - When was ASLR enabled by default? 
> > - What's the current state of ASLR in the Linux kernel? Is it still
> > under development? Or should we rely on the PaX/ExecShield patches?
> 
> randomize-va-space:
> 
> echo  val >/proc/sys/kernel/randomize_va_space
> 
> 
> vi +391 Documentation/sysctl/kernel.txt
> 
>  <snip>

Thanks, but this was not what I was really looking for. However,
searching for 'randomize_va_space' led me to a thread on lkml started by
Arjan van de Ven on January 27th, 2005:
http://lkml.org/lkml/2005/1/27/56

It would be great if someone can provide more details on this subject:
  1) when was randomize_va_space introduced? (probably somewhere in
2.6.11.x)
  2) when was it enabled by default (2.6.12.? but no announcement in
changelog?)
  3) which additions were added in later releases? (and when?)

Thanks,
Victor

Re: When was ASLR introduced in the Linux kernel?

[Eric Dumazet]

Le mardi 30 novembre 2010 à 18:50 +0100, Victor van der Veen a écrit :

> Thanks, but this was not what I was really looking for. However,
> searching for 'randomize_va_space' led me to a thread on lkml started by
> Arjan van de Ven on January 27th, 2005:
> http://lkml.org/lkml/2005/1/27/56
> 
> It would be great if someone can provide more details on this subject:
>   1) when was randomize_va_space introduced? (probably somewhere in
> 2.6.11.x)

	who cares ?

>   2) when was it enabled by default (2.6.12.? but no announcement in
> changelog?)

commit 42a172a814759a29020e5d1ee580bf4eb86afed2
Author: arjan <arjan>
Date:   Sat Mar 5 17:25:41 2005 +0000

    [PATCH] Randomisation: enable by default
    
    Signed-off-by: Arjan van de Ven <arjan@infradead.org>
    Signed-off-by: Ingo Molnar <mingo@elte.hu>
    Signed-off-by: Andrew Morton <akpm@osdl.org>
    Signed-off-by: Linus Torvalds <torvalds@osdl.org>
    
    BKrev: 4229eb95j12voWjpsZzY2Wlm6P7Mvg

# git describe --contains 42a172a8
v2.6.11.3~887

>   3) which additions were added in later releases? (and when?)


commit 32a932332c8bad842804842eaf9651ad6268e637
Author: Ingo Molnar <mingo@elte.hu>
Date:   Wed Feb 6 22:39:44 2008 +0100

    brk randomization: introduce CONFIG_COMPAT_BRK
    
    based on similar patch from: Pavel Machek <pavel@ucw.cz>
    
    Introduce CONFIG_COMPAT_BRK. If disabled then the kernel is free
    (but not obliged to) randomize the brk area.
    
    Heap randomization breaks ancient binaries, so we keep COMPAT_BRK
    enabled by default.
    
    Signed-off-by: Ingo Molnar <mingo@elte.hu>

git describe --contains 32a932332c8bad842804842eaf9651ad6268e637
v2.6.25-rc1~513^2~15