[6432] in Release_7.7_team
Re: /proc/sys/kernel/randomize_va_space
daemon@ATHENA.MIT.EDU (andrew m. boardman)
Fri Sep 4 14:21:15 2009
Message-Id: <200909041821.n84IL5o3003465@pothole.mit.edu>
To: Alex T Prengel <alexp@MIT.EDU>
cc: release-team@MIT.EDU, debathena@MIT.EDU
In-Reply-To: Your message of "Tue, 01 Sep 2009 17:53:00 EDT."
<200909012153.n81Lr0K5014680@outgoing.mit.edu>
Date: Fri, 04 Sep 2009 14:21:05 -0400
From: "andrew m. boardman" <amb@MIT.EDU>

> I can't automate setting it to 0 in a launch script because the user
> needs to sudo to reset it.

You can however turn off randomization on a per-application basis with
setarch, e.g. "setarch i386 -R g98". Will that cover your needs?

> Can we preset this to 0 or is that going to cause other problems (like
> security issues)?

It's not known (by me) as a direct and relevant threat to turn it off,
but it generally makes some attacks harder and would be nice to keep on
general principle.
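
An added example, not part of the original message: a POSIX shell check that reports the system-wide randomize_va_space value and lists the processes that run with randomization turned off individually. It relies on "setarch -R" setting the ADDR_NO_RANDOMIZE personality flag (0x0040000), which the kernel exposes in hex in /proc/PID/personality; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: audit ASLR state system-wide and per process.

ADDR_NO_RANDOMIZE=0x0040000   # personality(2) flag set by "setarch -R"

# Describe a /proc/sys/kernel/randomize_va_space value.
aslr_mode() {
    case "$1" in
        0) echo "disabled" ;;
        1) echo "partial" ;;   # stack, mmap base and vDSO randomized
        2) echo "full" ;;      # as 1, plus the brk heap
        *) echo "unknown" ;;
    esac
}

# Succeed if the hex personality value in $1 has ADDR_NO_RANDOMIZE set.
no_randomize() {
    case "$1" in
        ''|*[!0-9a-fA-F]*) return 1 ;;   # reject anything that is not hex
    esac
    [ $(( 0x$1 & $ADDR_NO_RANDOMIZE )) -ne 0 ]
}

# Print "PID COMM" for each readable process with randomization disabled.
# $1 is the proc root (default /proc), so a constructed tree can be checked.
audit_no_randomize() {
    proc_root=${1:-/proc}
    for f in "$proc_root"/[0-9]*/personality; do
        [ -r "$f" ] || continue
        p=$(cat "$f" 2>/dev/null) || continue   # process gone or access denied
        if no_randomize "$p"; then
            dir=${f%/personality}
            echo "${dir##*/} $(cat "$dir/comm" 2>/dev/null)"
        fi
    done
    return 0
}

v=$(cat /proc/sys/kernel/randomize_va_space 2>/dev/null)
echo "system-wide ASLR: ${v:-?} ($(aslr_mode "$v"))"
echo "processes with ADDR_NO_RANDOMIZE set:"
audit_no_randomize
```

Run it as root to cover other users' processes. A program started as in the message ("setarch i386 -R g98") shows up in the list with its PID.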