Thanks for the corrections, lo-na-aleim. We've updated the wiki page to
reflect the KASLR features as they stand currently.

This wiki page is programmatically constructed: hand edits wouldn't
survive in the long run.

Note that /proc/sys/kernel/randomize_va_space controls whether or
not the brk address space within userspace processes should be
randomized. Quoting from the Linux kernel source file init/Kconfig:

          Randomizing heap placement makes heap exploits harder, but it
          also breaks ancient binaries (including anything libc5 based).
          This option changes the bootup default to heap randomization
          disabled, and can be overridden at runtime by setting
          /proc/sys/kernel/randomize_va_space to 2.

I don't know offhand of a reliable programmatic tool available to
determine that the kernel has booted into a randomized base location, or
whether it randomizes memory slabs, etc. The /boot/config* files by
convention show the configuration of the kernel, but local
administrators may not observe this convention if they replace the
kernel.

Thanks

** Changed in: ubuntu-docs (Ubuntu)
       Status: New => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1912614

Title:
  kASLR incorrectly described as disabled by default in
  Security/Features

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-docs/+bug/1912614/+subscriptions
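
A heuristic check built on the sources the message above names (/boot/config*, randomize_va_space) plus /proc/cmdline, as an added example that is not part of the original message or of any Ubuntu tooling. The function names are hypothetical, the CONFIG_* symbols are the upstream kernel option names, and the result is only as trustworthy as the /boot/config* convention the message warns about.

```shell
#!/bin/sh
# Added example (function names are hypothetical). Reports what the kernel
# config, boot command line and sysctl claim; it cannot prove the base moved.

# config_value FILE SYMBOL -> value after "SYMBOL=", or "unset" if the
# symbol is absent or commented out as "# SYMBOL is not set".
config_value() {
    v=$(sed -n "s/^$2=//p" "$1" 2>/dev/null | head -n 1)
    printf '%s\n' "${v:-unset}"
}

# kaslr_status CONFIG CMDLINE -> enabled | disabled-by-cmdline | not-built | unknown
kaslr_status() {
    [ -r "$1" ] && [ -r "$2" ] || { echo unknown; return; }
    [ "$(config_value "$1" CONFIG_RANDOMIZE_BASE)" = y ] || { echo not-built; return; }
    # Match "nokaslr" only as a whole boot parameter, not as a substring.
    if tr -s ' ' '\n' < "$2" | grep -qx nokaslr; then
        echo disabled-by-cmdline
    else
        echo enabled
    fi
}

# va_space_meaning VALUE -> effect of that randomize_va_space setting
va_space_meaning() {
    case "$1" in
        0) echo "userspace ASLR off" ;;
        1) echo "stack, mmap and vDSO randomized; brk heap not" ;;
        2) echo "stack, mmap, vDSO and brk heap randomized" ;;
        *) echo "unrecognized value" ;;
    esac
}

# report [CONFIG] [CMDLINE] [VA_SPACE_FILE]; defaults are the live system.
report() {
    cfg=${1:-/boot/config-$(uname -r)}
    cmd=${2:-/proc/cmdline}
    vas=${3:-/proc/sys/kernel/randomize_va_space}
    echo "kernel base (KASLR): $(kaslr_status "$cfg" "$cmd")"
    for sym in CONFIG_RANDOMIZE_MEMORY CONFIG_SLAB_FREELIST_RANDOM CONFIG_COMPAT_BRK; do
        echo "$sym: $(config_value "$cfg" "$sym")"
    done
    echo "randomize_va_space: $(va_space_meaning "$(cat "$vas" 2>/dev/null)")"
}

report "$@"
```

A result of "unknown" means the config file for the running kernel was not found under /boot, which is the case the message describes for locally replaced kernels.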
