[6438] in Release_7.7_team


Re: /proc/sys/kernel/randomize_va_space

daemon@ATHENA.MIT.EDU (Alex T Prengel)
Wed Sep 9 13:12:53 2009

From: Alex T Prengel <alexp@MIT.EDU>
To: "andrew m. boardman" <amb@mit.edu>
Cc: "release-team@MIT.EDU" <release-team@mit.edu>,
   "debathena@MIT.EDU" <debathena@mit.edu>, alexp@mit.edu
In-Reply-To: <200909041821.n84IL5o3003465@pothole.mit.edu>
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
Date: Wed, 09 Sep 2009 13:12:23 -0400
Message-Id: <1252516343.9595.1.camel@dit.mit.edu>
Mime-Version: 1.0
X-Spam-Flag: NO
X-Spam-Score: 0.00

On Fri, 2009-09-04 at 14:21 -0400, andrew m. boardman wrote:
> > I can't automate setting it to 0 in a launch script because the user
> > needs to sudo to reset it.
> 
> You can however turn off randomization on a per-application basis with
> setarch, e.g. "setarch i386 -R g98".  Will that cover your needs?
> 
> > Can we preset this to 0 or is that going to cause other problems (like
> > security issues)?
> 
> It's not known (by me) as a direct and relevant threat to turn it off,
> but it generally makes some attacks harder and would be nice to keep on
> general principle.

The setarch command seems to work. Thanks!    A.
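
An added example, not part of the original messages: a launcher sketch that keeps /proc/sys/kernel/randomize_va_space untouched, disables randomization only for one command via setarch -R, and checks the per-process flag in /proc/<pid>/personality. The function names and the --run/--report options are hypothetical, and it passes "uname -m" to setarch instead of the thread's i386 so the architecture stays as it is.

```shell
#!/bin/sh
# Added example: scope the ASLR exception to one process, leave the sysctl alone.

# ADDR_NO_RANDOMIZE from <linux/personality.h>; this is the flag setarch -R sets.
ADDR_NO_RANDOMIZE=0x0040000

# Explain a value read from /proc/sys/kernel/randomize_va_space.
describe_system_aslr() {
    case "$1" in
        0) echo "off" ;;
        1) echo "partial (stack, mmap, vDSO)" ;;
        2) echo "full (stack, mmap, vDSO, heap)" ;;
        *) echo "unknown" ;;
    esac
}

# Succeed if a hex personality value, in the form found in
# /proc/<pid>/personality (no 0x prefix), has randomization disabled.
personality_disables_aslr() {
    [ $(( 0x$1 & $ADDR_NO_RANDOMIZE )) -ne 0 ]
}

# Run one command with randomization off for that process and its children.
# No sudo is needed and the system-wide setting is not changed.
run_without_aslr() {
    setarch "$(uname -m)" -R "$@"
}

# Print the system-wide setting and whether a given PID has opted out.
report_aslr() {
    pid="${1:-self}"
    sys=$(cat /proc/sys/kernel/randomize_va_space)
    echo "system-wide: $sys ($(describe_system_aslr "$sys"))"
    if personality_disables_aslr "$(cat "/proc/$pid/personality")"; then
        echo "pid $pid: randomization disabled (ADDR_NO_RANDOMIZE set)"
    else
        echo "pid $pid: randomization follows the system-wide setting"
    fi
}

# Usage: sh aslr.sh --run g98 [args...]   (g98 is the program from the thread)
#        sh aslr.sh --report [pid]
case "${1:-}" in
    --run) shift; run_without_aslr "$@" ;;
    --report) shift; report_aslr "$@" ;;
esac
```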
