Re: [Bug 1912614] Re: kASLR incorrectly described as disabled by default in Security/Features

2021-01-22 Thread Seth Arnold
On Fri, Jan 22, 2021 at 01:09:13PM -, lo-na-aleim wrote:
> Sorry for reaching out in the wrong place. I guess the right place for this 
> would have been the mailing list? 
> I started from: https://wiki.ubuntu.com/DocumentationTeam/SystemDocumentation 
>  

Actually, thanks for this, I'll amend the script that emits the page to
suggest exactly this -- the mail list, #ubuntu-hardened on
irc.freenode.net, or https://discourse.ubuntu.com/c/security/33

> I guess someone techy enough to care about kASLR will be able to work
> with the Solutions provided by @crass here:
> https://askubuntu.com/questions/704640/how-to-detect-in-runtime-is-kaslr-enabled-or-disabled
> :)

Yes, it's detailed enough that it's bound to be useful for someone who
*really* wants to get into this. :)

Thanks

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1912614

Title:
  kASLR incorrectly described as disabled by default in
  Security/Features

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-docs/+bug/1912614/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1912614] Re: kASLR incorrectly described as disabled by default in Security/Features

2021-01-22 Thread lo-na-aleim
> TBH the information about how to point out errors in or discuss
> various sets of documentation leaves room for improvement. Hopefully
> we'll find the resources to do something about that going forward.

I actually enjoy writing stuff like that. If you point me to someone
with more context whom I can pester with my questions, I will try to
carve out the time to write it down. Being an "outsider" might actually
give me an advantage here.


[Bug 1912614] Re: kASLR incorrectly described as disabled by default in Security/Features

2021-01-22 Thread Gunnar Hjalmarsson
On 2021-01-22 14:09, lo-na-aleim wrote:
> Sorry for reaching out in the wrong place.

No problem.

> I guess the right place for this would have been the mailing list?

Yeah, maybe..

> I started from:
> https://wiki.ubuntu.com/DocumentationTeam/SystemDocumentation Section
> "How can I help?" gave me the impression that Proof-reading and
> continuing with "Send in a bug report"
> (https://help.ubuntu.com/community/ReportingBugs) was the way of
> communicating errors in the wiki.

TBH the information about how to point out errors in or discuss various
sets of documentation leaves room for improvement. Hopefully we'll find
the resources to do something about that going forward.


[Bug 1912614] Re: kASLR incorrectly described as disabled by default in Security/Features

2021-01-22 Thread lo-na-aleim
Thanks a lot,

Sorry for reaching out in the wrong place. I guess the right place for this 
would have been the mailing list? 
I started from: https://wiki.ubuntu.com/DocumentationTeam/SystemDocumentation  
Section "How can I help?" gave me the impression that Proof-reading and 
continuing with "Send in a bug report" 
(https://help.ubuntu.com/community/ReportingBugs) was the way of communicating 
errors in the wiki.

Regarding checking the status of kASLR:
I guess someone techy enough to care about kASLR will be able to work with the 
Solutions provided by @crass here: 
https://askubuntu.com/questions/704640/how-to-detect-in-runtime-is-kaslr-enabled-or-disabled
 :)


[Bug 1912614] Re: kASLR incorrectly described as disabled by default in Security/Features

2021-01-21 Thread Seth Arnold
Thanks for the corrections, lo-na-aleim. We've updated the wiki page to
reflect the KASLR features as they stand currently.

This wiki page is programmatically constructed: hand edits wouldn't
survive in the long run.

Note that the /proc/sys/kernel/randomize_va_space controls whether or
not the brk address space within userspace processes should be
randomized. Quoting from the Linux kernel source file init/Kconfig:

  Randomizing heap placement makes heap exploits harder, but it
  also breaks ancient binaries (including anything libc5 based).
  This option changes the bootup default to heap randomization
  disabled, and can be overridden at runtime by setting
  /proc/sys/kernel/randomize_va_space to 2.

I don't know off-hand a reliable programmatic tool available to
determine that the kernel has booted into a randomized base location, or
whether it randomizes memory slabs, etc. The /boot/config* files by
convention show the configuration of the kernel, but local
administrators may not observe this convention if they replace the
kernel.

Thanks

** Changed in: ubuntu-docs (Ubuntu)
   Status: New => Fix Released

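An added example, not part of the original thread or of any Ubuntu tooling: the configuration-level checks touched on in the message above, reading the boot command line, a /boot/config-style file and the randomize_va_space value. It reports what the build and boot settings allow, not the kernel's actual load address; the function names and result strings are assumptions, and the sample inputs are constructed.

```shell
#!/bin/sh
# Added example; function names and result strings are hypothetical.

# kaslr_status CMDLINE_FILE CONFIG_FILE
# Reports what boot parameters and build config say, not the runtime base.
kaslr_status() {
    # "nokaslr" on the kernel command line turns KASLR off at boot.
    if grep -Eq '(^|[[:space:]])nokaslr([[:space:]]|$)' "$1"; then
        echo disabled-by-cmdline
    # /boot/config-* is a convention only; it can be missing after a kernel swap.
    elif [ ! -r "$2" ]; then
        echo config-unavailable
    elif grep -qx 'CONFIG_RANDOMIZE_BASE=y' "$2"; then
        echo permitted
    else
        echo not-built
    fi
}

# brk_boot_default CONFIG_FILE
# CONFIG_COMPAT_BRK (the init/Kconfig option quoted in the message) lowers
# the boot default of randomize_va_space from 2 to 1.
brk_boot_default() {
    if [ ! -r "$1" ]; then
        echo unknown
    elif grep -qx 'CONFIG_COMPAT_BRK=y' "$1"; then
        echo 1
    else
        echo 2
    fi
}

# va_space_meaning VALUE, as read from /proc/sys/kernel/randomize_va_space
va_space_meaning() {
    case $1 in
        0) echo "userspace ASLR off" ;;
        1) echo "stack, mmap and vDSO randomized; brk heap not randomized" ;;
        2) echo "stack, mmap, vDSO and brk heap randomized" ;;
        *) echo "unrecognized value" ;;
    esac
}

# Constructed sample inputs, not taken from a real machine.
demo=$(mktemp -d)
printf 'BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro quiet nokaslr\n' > "$demo/cmdline"
printf 'CONFIG_RANDOMIZE_BASE=y\nCONFIG_COMPAT_BRK=y\n' > "$demo/config"
echo "KASLR: $(kaslr_status "$demo/cmdline" "$demo/config")"
echo "brk boot default: $(brk_boot_default "$demo/config")"
va_space_meaning 2
rm -rf "$demo"
```

On a live system the same functions take `/proc/cmdline` and `/boot/config-$(uname -r)` as arguments, with the caveat from the message that the config file may not match a locally replaced kernel.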

[Bug 1912614] Re: kASLR incorrectly described as disabled by default in Security/Features

2021-01-21 Thread Gunnar Hjalmarsson
Thanks for your report! However, the ubuntu-docs package is for the
Ubuntu desktop guide, and not for that wiki page you mentioned.

I would suggest that you get in touch with members of
 to discuss possible changes of
the page. I also subscribed that team to this bug report, which possibly
will help.

Keeping this bug open for now, even if the "Affects" info is not
correct.
