Commit 32a932332c8bad842804842eaf9651ad6268e637
1 parent
4cc6028d40
brk randomization: introduce CONFIG_COMPAT_BRK
based on similar patch from: Pavel Machek <pavel@ucw.cz> Introduce CONFIG_COMPAT_BRK. If disabled then the kernel is free to (but not obliged to) randomize the brk area. Heap randomization breaks ancient binaries, so we keep COMPAT_BRK enabled by default. Signed-off-by: Ingo Molnar <mingo@elte.hu>
Showing 3 changed files with 25 additions and 2 deletions Side-by-side Diff
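--- a/fs/binfmt_elf.c
+++ b/fs/binfmt_elf.c
@@ -1077,7 +1077,7 @@
 current->mm->start_stack = bprm->p;
 
 #ifdef arch_randomize_brk
- if (current->flags & PF_RANDOMIZE)
+ if ((current->flags & PF_RANDOMIZE) && (randomize_va_space > 1))
 current->mm->brk = current->mm->start_brk =
 arch_randomize_brk(current->mm);
 #endif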
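Review bot: The added `randomize_va_space > 1` test changes what the existing sysctl value 1 means. The removed line randomized brk whenever PF_RANDOMIZE was set, so a system that pins `randomize_va_space` to 1 now keeps a fixed heap start even on a kernel built with CONFIG_COMPAT_BRK=n. None of the three changed files documents the sysctl, so the reason for the threshold should be stated at the test, for example `/* brk is randomized only at level 2; level 1 leaves the heap start fixed for old binaries */`. The enclosing function starts and ends outside this hunk.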
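--- a/init/Kconfig
+++ b/init/Kconfig
@@ -541,6 +541,18 @@
 help
 Enable support for generating core dumps. Disabling saves about 4k.
 
+config COMPAT_BRK
+ bool "Disable heap randomization"
+ default y
+ help
+ Randomizing heap placement makes heap exploits harder, but it
+ also breaks ancient binaries (including anything libc5 based).
+ This option changes the bootup default to heap randomization
+ disabled, and can be overriden runtime by setting
+ /proc/sys/kernel/randomize_va_space to 2.
+
+ On non-ancient distros (post-2000 ones) Y is usually a safe choice.
+
 config BASE_FULL
 default y
 bool "Enable full-sized data structures for core" if EMBEDDED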
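Review bot: The last help sentence of COMPAT_BRK appears inverted. Y here means "Disable heap randomization", which the text says is needed only for ancient libc5-era binaries, so on post-2000 distros the option that is safe to pick is N. As written, it steers users of modern userlands towards keeping the heap unrandomized. I would change it to `On non-ancient distros (post-2000 ones) N is usually a safe choice.` and fix the spelling in `can be overridden at runtime by setting`.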
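--- a/mm/memory.c
+++ b/mm/memory.c
@@ -82,7 +82,18 @@
 EXPORT_SYMBOL(num_physpages);
 EXPORT_SYMBOL(high_memory);
 
-int randomize_va_space __read_mostly = 1;
+/*
+ * Randomize the address space (stacks, mmaps, brk, etc.).
+ *
+ * ( When CONFIG_COMPAT_BRK=y we exclude brk from randomization,
+ * as ancient (libc5 based) binaries can segfault. )
+ */
+int randomize_va_space __read_mostly =
+#ifdef CONFIG_COMPAT_BRK
+ 1;
+#else
+ 2;
+#endif
 
 static int __init disable_randmaps(char *s)
 {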
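Review bot: The initializer of `randomize_va_space` now encodes levels as bare `1` and `2`, but the comment above it names only the config option, not what each value means. The consumer in fs/binfmt_elf.c compares against `> 1`, so the definition is the natural place to spell the levels out. I would extend the comment with `* 1 - randomize stacks, mmaps, etc., but leave brk fixed` and `* 2 - additionally randomize brk`. If 0 is the fully-disabled value, presumably what disable_randmaps sets, it should be listed too. The body of disable_randmaps lies outside this hunk.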