brk randomization: introduce CONFIG_COMPAT_BRK

based on similar patch from: Pavel Machek <pavel@ucw.cz> Introduce CONFIG_COMPAT_BRK. If disabled then the kernel is free (but not obliged to) randomize the brk area. Heap randomization breaks ancient binaries, so we keep COMPAT_BRK enabled by default. Signed-off-by: Ingo Molnar <mingo@elte.hu>

brk randomization: introduce CONFIG_COMPAT_BRK
based on similar patch from: Pavel Machek <pavel@ucw.cz> Introduce CONFIG_COMPAT_BRK. If disabled then the kernel is free (but not obliged to) randomize the brk area. Heap randomization breaks ancient binaries, so we keep COMPAT_BRK enabled by default. Signed-off-by: Ingo Molnar <mingo@elte.hu>
Ingo Molnar
1 parent 4cc6028d40
Showing 3 changed files with 25 additions and 2 deletions Side-by-side Diff
fs/binfmt_elf.c
init/Kconfig
mm/memory.c
@@ -1077,7 +1077,7 @@
 	current->mm->start_stack = bprm->p;
  
 #ifdef arch_randomize_brk
-	if (current->flags & PF_RANDOMIZE)
+	if ((current->flags & PF_RANDOMIZE) && (randomize_va_space > 1))
 		current->mm->brk = current->mm->start_brk =
 			arch_randomize_brk(current->mm);
 #endif
@@ -541,6 +541,18 @@
 	help
 	  Enable support for generating core dumps. Disabling saves about 4k.
  
+config COMPAT_BRK
+	bool "Disable heap randomization"
+	default y
+	help
+	  Randomizing heap placement makes heap exploits harder, but it
+	  also breaks ancient binaries (including anything libc5 based).
+	  This option changes the bootup default to heap randomization
+	  disabled, and can be overriden runtime by setting
+	  /proc/sys/kernel/randomize_va_space to 2.
+
+	  On non-ancient distros (post-2000 ones) Y is usually a safe choice.
+
 config BASE_FULL
 	default y
 	bool "Enable full-sized data structures for core" if EMBEDDED
@@ -82,7 +82,18 @@
 EXPORT_SYMBOL(num_physpages);
 EXPORT_SYMBOL(high_memory);
  
-int randomize_va_space __read_mostly = 1;
+/*
+ * Randomize the address space (stacks, mmaps, brk, etc.).
+ *
+ * ( When CONFIG_COMPAT_BRK=y we exclude brk from randomization,
+ *   as ancient (libc5 based) binaries can segfault. )
+ */
+int randomize_va_space __read_mostly =
+#ifdef CONFIG_COMPAT_BRK
+					1;
+#else
+					2;
+#endif
  
 static int __init disable_randmaps(char *s)
 {
...	...	@@ -1077,7 +1077,7 @@
1077	1077	current->mm->start_stack = bprm->p;
1078	1078
1079	1079	#ifdef arch_randomize_brk
1080		- if (current->flags & PF_RANDOMIZE)
	1080	+ if ((current->flags & PF_RANDOMIZE) && (randomize_va_space > 1))
1081	1081	current->mm->brk = current->mm->start_brk =
1082	1082	arch_randomize_brk(current->mm);
1083	1083	#endif
...	...	@@ -541,6 +541,18 @@
541	541	help
542	542	Enable support for generating core dumps. Disabling saves about 4k.
543	543
	544	+config COMPAT_BRK
	545	+ bool "Disable heap randomization"
	546	+ default y
	547	+ help
	548	+ Randomizing heap placement makes heap exploits harder, but it
	549	+ also breaks ancient binaries (including anything libc5 based).
	550	+ This option changes the bootup default to heap randomization
	551	+ disabled, and can be overriden runtime by setting
	552	+ /proc/sys/kernel/randomize_va_space to 2.
	553	+
	554	+ On non-ancient distros (post-2000 ones) Y is usually a safe choice.
	555	+
544	556	config BASE_FULL
545	557	default y
546	558	bool "Enable full-sized data structures for core" if EMBEDDED
...	...	@@ -82,7 +82,18 @@
82	82	EXPORT_SYMBOL(num_physpages);
83	83	EXPORT_SYMBOL(high_memory);
84	84
85		-int randomize_va_space __read_mostly = 1;
	85	+/*
	86	+ * Randomize the address space (stacks, mmaps, brk, etc.).
	87	+ *
	88	+ * ( When CONFIG_COMPAT_BRK=y we exclude brk from randomization,
	89	+ * as ancient (libc5 based) binaries can segfault. )
	90	+ */
	91	+int randomize_va_space __read_mostly =
	92	+#ifdef CONFIG_COMPAT_BRK
	93	+ 1;
	94	+#else
	95	+ 2;
	96	+#endif
86	97
87	98	static int __init disable_randmaps(char *s)
88	99	{