LKML Archive on lore.kernel.org
help / color / mirror / Atom feed
From: Ingo Molnar <mingo@elte.hu>
To: Jiri Kosina <jkosina@suse.cz>
Cc: Andrew Morton <akpm@linux-foundation.org>,
	Arjan van de Ven <arjan@infradead.org>,
	Randy Dunlap <randy.dunlap@oracle.com>,
	Hugh Dickins <hugh@veritas.com>, Pavel Machek <pavel@ucw.cz>,
	linux-kernel@vger.kernel.org
Subject: Re: [PATCH 2/2] ASLR: add possibility for more fine-grained tweaking
Date: Wed, 6 Feb 2008 14:49:59 +0100	[thread overview]
Message-ID: <20080206134959.GA25689@elte.hu> (raw)
In-Reply-To: <Pine.LNX.4.64.0802061442300.30955@jikos.suse.cz>


* Jiri Kosina <jkosina@suse.cz> wrote:

> ASLR: add possibility for more fine-grained tweaking
> 
> Some prehistoric binaries don't like when start of brk area is located 
> anywhere else than just after code+bss.
> 
> This patch adds possibility to configure the default behavior of 
> address space randomization. In addition to that, randomize_va_space 
> now can have value of '2', which means full randomization including 
> brk space.

i've already added the patch below to x86.git.

	Ingo

-------------------->
Subject: brk randomization: introduce CONFIG_COMPAT_BRK
From: Ingo Molnar <mingo@elte.hu>

based on similar patch from: Pavel Machek <pavel@ucw.cz>

Introduce CONFIG_COMPAT_BRK. If disabled then the kernel is free
(but not obliged to) randomize the brk area.

Heap randomization breaks ancient binaries, so we keep COMPAT_BRK
enabled by default.

Signed-off-by: Ingo Molnar <mingo@elte.hu>
---
 fs/binfmt_elf.c |    2 +-
 init/Kconfig    |   12 ++++++++++++
 mm/memory.c     |   13 ++++++++++++-
 3 files changed, 25 insertions(+), 2 deletions(-)

Index: linux-x86.q/fs/binfmt_elf.c
===================================================================
--- linux-x86.q.orig/fs/binfmt_elf.c
+++ linux-x86.q/fs/binfmt_elf.c
@@ -1077,7 +1077,7 @@ static int load_elf_binary(struct linux_
 	current->mm->start_stack = bprm->p;
 
 #ifdef arch_randomize_brk
-	if (current->flags & PF_RANDOMIZE)
+	if ((current->flags & PF_RANDOMIZE) && (randomize_va_space > 1))
 		current->mm->brk = current->mm->start_brk =
 			arch_randomize_brk(current->mm);
 #endif
Index: linux-x86.q/init/Kconfig
===================================================================
--- linux-x86.q.orig/init/Kconfig
+++ linux-x86.q/init/Kconfig
@@ -541,6 +541,18 @@ config ELF_CORE
 	help
 	  Enable support for generating core dumps. Disabling saves about 4k.
 
+config COMPAT_BRK
+	bool "Disable heap randomization"
+	default y
+	help
+	  Randomizing heap placement makes heap exploits harder, but it
+	  also breaks ancient binaries (including anything libc5 based).
+	  This option changes the bootup default to heap randomization
+	  disabled, and can be overriden runtime by setting
+	  /proc/sys/kernel/randomize_va_space to 2.
+
+	  On non-ancient distros (post-2000 ones) Y is usually a safe choice.
+
 config BASE_FULL
 	default y
 	bool "Enable full-sized data structures for core" if EMBEDDED
Index: linux-x86.q/mm/memory.c
===================================================================
--- linux-x86.q.orig/mm/memory.c
+++ linux-x86.q/mm/memory.c
@@ -82,7 +82,18 @@ void * high_memory;
 EXPORT_SYMBOL(num_physpages);
 EXPORT_SYMBOL(high_memory);
 
-int randomize_va_space __read_mostly = 1;
+/*
+ * Randomize the address space (stacks, mmaps, brk, etc.).
+ *
+ * ( When CONFIG_COMPAT_BRK=y we exclude brk from randomization,
+ *   as ancient (libc5 based) binaries can segfault. )
+ */
+int randomize_va_space __read_mostly =
+#ifdef CONFIG_COMPAT_BRK
+					1;
+#else
+					2;
+#endif
 
 static int __init disable_randmaps(char *s)
 {

  reply	other threads:[~2008-02-06 13:51 UTC|newest]

Thread overview: 13+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-02-06 13:45 [PATCH 0/2] brk and randomization fixes Jiri Kosina
2008-02-06 13:45 ` [PATCH 1/2] brk: check the lower bound properly Jiri Kosina
2008-02-06 13:45 ` [PATCH 2/2] ASLR: add possibility for more fine-grained tweaking Jiri Kosina
2008-02-06 13:49   ` Ingo Molnar [this message]
2008-02-06 16:26     ` [PATCH] Document randomize_va_space and CONFIG_COMPAT_BRK (was Re: [PATCH 2/2] ASLR: add possibility for more fine-grained tweaking) Jiri Kosina
2008-02-06 23:10       ` Ingo Molnar
2008-02-07  9:49         ` Jiri Kosina
2008-02-07 14:30         ` Jiri Kosina
2008-02-07 15:01           ` Ingo Molnar
2008-02-07 10:23     ` [PATCH 2/2] ASLR: add possibility for more fine-grained tweaking Geert Uytterhoeven
2008-02-07 10:31       ` Ismail Dönmez
2008-02-07 10:32       ` Ingo Molnar
2008-02-07 10:43         ` Geert Uytterhoeven

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20080206134959.GA25689@elte.hu \
    --to=mingo@elte.hu \
    --cc=akpm@linux-foundation.org \
    --cc=arjan@infradead.org \
    --cc=hugh@veritas.com \
    --cc=jkosina@suse.cz \
    --cc=linux-kernel@vger.kernel.org \
    --cc=pavel@ucw.cz \
    --cc=randy.dunlap@oracle.com \
    --subject='Re: [PATCH 2/2] ASLR: add possibility for more fine-grained tweaking' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).