From: Ingo Molnar <mingo@elte.hu>
To: Geert Uytterhoeven <Geert.Uytterhoeven@sonycom.com>
Cc: Jiri Kosina <jkosina@suse.cz>,
Andrew Morton <akpm@linux-foundation.org>,
Arjan van de Ven <arjan@infradead.org>,
Randy Dunlap <randy.dunlap@oracle.com>,
Hugh Dickins <hugh@veritas.com>, Pavel Machek <pavel@ucw.cz>,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH 2/2] ASLR: add possibility for more fine-grained tweaking
Date: Thu, 7 Feb 2008 11:32:32 +0100
Message-ID: <20080207103231.GD16735@elte.hu>
In-Reply-To: <Pine.LNX.4.64.0802071120110.11914@vixen.sonytel.be>
* Geert Uytterhoeven <Geert.Uytterhoeven@sonycom.com> wrote:
> On Wed, 6 Feb 2008, Ingo Molnar wrote:
> > @@ -541,6 +541,18 @@ config ELF_CORE
> > help
> > Enable support for generating core dumps. Disabling saves about 4k.
> >
> > +config COMPAT_BRK
> > + bool "Disable heap randomization"
> > + default y
> > + help
> > + Randomizing heap placement makes heap exploits harder, but it
> > + also breaks ancient binaries (including anything libc5 based).
> > + This option changes the bootup default to heap randomization
> > + disabled, and can be overriden runtime by setting
> > + /proc/sys/kernel/randomize_va_space to 2.
> > +
> > + On non-ancient distros (post-2000 ones) Y is usually a safe choice.
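Review bot: The closing help sentence ("On non-ancient distros (post-2000 ones) Y is usually a safe choice") points the wrong way for an option whose prompt is "Disable heap randomization": Y is the compatibility setting that turns the hardening off, so the recommendation for post-2000 distros should name N, with Y kept for systems that still run libc5-based binaries. Because the hunk also sets "default y", heap randomization stays off at boot unless /proc/sys/kernel/randomize_va_space is set to 2, and the help text would be clearer if it said so directly. Spelling: "overriden" should be "overridden", and "runtime" reads better as "at runtime".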
>
> Somehow my belly feeling tells me something is wrong with this description...
>
> Ah, a negative option (Y -> disable). So Y is always safe.
>
> `non-ancient distros' really means `recent distros', and if you have
> one, then _N_ should be a safe choice, too?

yeah, you are right :-) I'll fix this.

btw., "non-ancient distros" does not just mean "recent distros", it
really means "just about any distro you picked up in the past 10 years".
You'd have to go out on a limb to find something historic (or keep
copying /lib/libc5 binaries to new distros like Pavel did) to still have
this particular libc5 assumption/breakage. [ Or at least so i hope =B-)]

Ingo