diff options
author | Ingo Molnar <mingo@elte.hu> | 2008-02-06 22:39:44 +0100 |
---|---|---|
committer | Ingo Molnar <mingo@elte.hu> | 2008-02-06 22:39:44 +0100 |
commit | 32a932332c8bad842804842eaf9651ad6268e637 (patch) | |
tree | 58f187409029f089f788c5c35ad5c200b4a555af | |
parent | 4cc6028d4040f95cdb590a87db478b42b8be0508 (diff) | |
download | linux-32a932332c8bad842804842eaf9651ad6268e637.tar.gz linux-32a932332c8bad842804842eaf9651ad6268e637.tar.bz2 linux-32a932332c8bad842804842eaf9651ad6268e637.zip |
brk randomization: introduce CONFIG_COMPAT_BRK
based on similar patch from: Pavel Machek <pavel@ucw.cz>
Introduce CONFIG_COMPAT_BRK. If disabled then the kernel is free
(but not obliged to) randomize the brk area.
Heap randomization breaks ancient binaries, so we keep COMPAT_BRK
enabled by default.
Signed-off-by: Ingo Molnar <mingo@elte.hu>
-rw-r--r-- | fs/binfmt_elf.c | 2 | ||||
-rw-r--r-- | init/Kconfig | 12 | ||||
-rw-r--r-- | mm/memory.c | 13 |
3 files changed, 25 insertions, 2 deletions
diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c index 4628c42ca892..111771d38e6e 100644 --- a/fs/binfmt_elf.c +++ b/fs/binfmt_elf.c @@ -1077,7 +1077,7 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) current->mm->start_stack = bprm->p; #ifdef arch_randomize_brk - if (current->flags & PF_RANDOMIZE) + if ((current->flags & PF_RANDOMIZE) && (randomize_va_space > 1)) current->mm->brk = current->mm->start_brk = arch_randomize_brk(current->mm); #endif diff --git a/init/Kconfig b/init/Kconfig index 87f50df58893..92b23e256614 100644 --- a/init/Kconfig +++ b/init/Kconfig @@ -541,6 +541,18 @@ config ELF_CORE help Enable support for generating core dumps. Disabling saves about 4k. +config COMPAT_BRK + bool "Disable heap randomization" + default y + help + Randomizing heap placement makes heap exploits harder, but it + also breaks ancient binaries (including anything libc5 based). + This option changes the bootup default to heap randomization + disabled, and can be overriden runtime by setting + /proc/sys/kernel/randomize_va_space to 2. + + On non-ancient distros (post-2000 ones) Y is usually a safe choice. + config BASE_FULL default y bool "Enable full-sized data structures for core" if EMBEDDED diff --git a/mm/memory.c b/mm/memory.c index 7bb70728bb52..9d073fa0a2d0 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -82,7 +82,18 @@ void * high_memory; EXPORT_SYMBOL(num_physpages); EXPORT_SYMBOL(high_memory); -int randomize_va_space __read_mostly = 1; +/* + * Randomize the address space (stacks, mmaps, brk, etc.). + * + * ( When CONFIG_COMPAT_BRK=y we exclude brk from randomization, + * as ancient (libc5 based) binaries can segfault. ) + */ +int randomize_va_space __read_mostly = +#ifdef CONFIG_COMPAT_BRK + 1; +#else + 2; +#endif static int __init disable_randmaps(char *s) { |