Branch: refs/heads/master
Home: https://github.com/NixOS/nixpkgs
Commit: 63433537ce3f52f9bc460961b2b73e40db027447
https://github.com/NixOS/nixpkgs/commit/63433537ce3f52f9bc460961b2b73e40db027447
Author: Joachim Fasting <joach...@fastmail.fm>
Date: 2017-04-29 (Sat, 29 Apr 2017)
Changed paths:
M nixos/modules/profiles/hardened.nix
Log Message:
-----------
nixos/hardened profile: disable legacy virtual syscalls
This eliminates a theoretical risk of ASLR bypass due to the fixed address
mapping used by the legacy vsyscall mechanism. Modern glibc use vdso(7)
instead so there is no loss of functionality, but some programs may fail
to run in this configuration. Programs that fail to run because vsyscall
has been disabled will be logged to dmesg.
For background on virtual syscalls see https://lwn.net/Articles/446528/
Closes https://github.com/NixOS/nixpkgs/pull/25289
_______________________________________________
nix-commits mailing list
nix-comm...@lists.science.uu.nl
https://mailman.science.uu.nl/mailman/listinfo/nix-commits
