From: "Ismail Dönmez" <ismail@pardus.org.tr>
To: Geert Uytterhoeven <Geert.Uytterhoeven@sonycom.com>
Cc: Ingo Molnar <mingo@elte.hu>, Jiri Kosina <jkosina@suse.cz>,
Andrew Morton <akpm@linux-foundation.org>,
Arjan van de Ven <arjan@infradead.org>,
Randy Dunlap <randy.dunlap@oracle.com>,
Hugh Dickins <hugh@veritas.com>, Pavel Machek <pavel@ucw.cz>,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH 2/2] ASLR: add possibility for more fine-grained tweaking
Date: Thu, 7 Feb 2008 12:31:47 +0200 [thread overview]
Message-ID: <200802071231.47614.ismail@pardus.org.tr> (raw)
In-Reply-To: <Pine.LNX.4.64.0802071120110.11914@vixen.sonytel.be>
At Thursday 07 February 2008 around 12:23:50 Geert Uytterhoeven wrote:
> On Wed, 6 Feb 2008, Ingo Molnar wrote:
> > @@ -541,6 +541,18 @@ config ELF_CORE
> > help
> > Enable support for generating core dumps. Disabling saves about
> > 4k.
> > +config COMPAT_BRK
> > + bool "Disable heap randomization"
> > + default y
> > + help
> > + Randomizing heap placement makes heap exploits harder, but it
> > + also breaks ancient binaries (including anything libc5 based).
> > + This option changes the bootup default to heap randomization
> > + disabled, and can be overriden runtime by setting
> > + /proc/sys/kernel/randomize_va_space to 2.
> > +
> > + On non-ancient distros (post-2000 ones) Y is usually a safe
> > choice.
>
> Somehow my belly feeling tells me something is wrong with this
> description...
>
> Ah, a negative option (Y -> disable). So Y is always safe.
>
> `non-ancient distros' really means `recent distros', and if you have one,
> then _N_ should be a safe choice, too?
This indeed looks wrong. The default should be N and the text should say "On
recent distros (post-2000 ones) N is usually a safe choice".
Regards,
ismail
--
Never learn by your mistakes, if you do you may never dare to try again.
next prev parent reply other threads:[~2008-02-07 10:32 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-02-06 13:45 [PATCH 0/2] brk and randomization fixes Jiri Kosina
2008-02-06 13:45 ` [PATCH 1/2] brk: check the lower bound properly Jiri Kosina
2008-02-06 13:45 ` [PATCH 2/2] ASLR: add possibility for more fine-grained tweaking Jiri Kosina
2008-02-06 13:49 ` Ingo Molnar
2008-02-06 16:26 ` [PATCH] Document randomize_va_space and CONFIG_COMPAT_BRK (was Re: [PATCH 2/2] ASLR: add possibility for more fine-grained tweaking) Jiri Kosina
2008-02-06 23:10 ` Ingo Molnar
2008-02-07 9:49 ` Jiri Kosina
2008-02-07 14:30 ` Jiri Kosina
2008-02-07 15:01 ` Ingo Molnar
2008-02-07 10:23 ` [PATCH 2/2] ASLR: add possibility for more fine-grained tweaking Geert Uytterhoeven
2008-02-07 10:31 ` Ismail Dönmez [this message]
2008-02-07 10:32 ` Ingo Molnar
2008-02-07 10:43 ` Geert Uytterhoeven
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200802071231.47614.ismail@pardus.org.tr \
--to=ismail@pardus.org.tr \
--cc=Geert.Uytterhoeven@sonycom.com \
--cc=akpm@linux-foundation.org \
--cc=arjan@infradead.org \
--cc=hugh@veritas.com \
--cc=jkosina@suse.cz \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@elte.hu \
--cc=pavel@ucw.cz \
--cc=randy.dunlap@oracle.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.