[6432] in Release_7.7_team


Re: /proc/sys/kernel/randomize_va_space

daemon@ATHENA.MIT.EDU (andrew m. boardman)
Fri Sep 4 14:21:15 2009

Message-Id: <200909041821.n84IL5o3003465@pothole.mit.edu>
To: Alex T Prengel <alexp@MIT.EDU>
cc: release-team@MIT.EDU, debathena@MIT.EDU
In-Reply-To: Your message of "Tue, 01 Sep 2009 17:53:00 EDT."
             <200909012153.n81Lr0K5014680@outgoing.mit.edu> 
Date: Fri, 04 Sep 2009 14:21:05 -0400
From: "andrew m. boardman" <amb@MIT.EDU>


> I can't automate setting it to 0 in a launch script because the user
> needs to sudo to reset it.

You can however turn off randomization on a per-application basis with
setarch, e.g. "setarch i386 -R g98".  Will that cover your needs?

> Can we preset this to 0 or is that going to cause other problems (like
> security issues)?

It's not known (by me) as a direct and relevant threat to turn it off,
but it generally makes some attacks harder and would be nice to keep on
general principle.
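
A way to check the per-application approach from the reply above, as an added example that is not part of the original message: it compares the stack address of a default launch with a "setarch ... -R" launch while leaving /proc/sys/kernel/randomize_va_space untouched. The function names, the use of the stack address as the indicator, and passing `uname -m` as the setarch architecture are assumptions of this sketch.

```shell
#!/bin/sh
# Added example (not from the original message). Function names are hypothetical.

# Print the start address of the [stack] mapping in /proc/<pid>/maps text ($1).
stack_start() {
    printf '%s\n' "$1" |
        awk '$NF == "[stack]" { split($1, a, "-"); print a[1]; exit }'
}

# Read one address per line; succeed only if there are >= 2 and all are equal.
all_same() {
    awk 'NR == 1 { first = $0 }
         $0 != first { differ = 1 }
         END { exit !(NR >= 2 && !differ) }'
}

# sample_stacks N [PREFIX...]: start `cat /proc/self/maps` N times, optionally
# under a prefix command, and print the stack start address of each run.
sample_stacks() {
    n=$1; shift
    i=0
    while [ "$i" -lt "$n" ]; do
        stack_start "$("$@" cat /proc/self/maps)"
        i=$((i + 1))
    done
}

# Compare a default launch with a setarch -R launch. Assumption: `uname -m`
# names an architecture that setarch accepts on this machine.
check_setarch_wrapper() {
    echo "randomize_va_space = $(cat /proc/sys/kernel/randomize_va_space)"
    if sample_stacks 3 | all_same; then
        echo "default launch: stack address fixed (randomization already off)"
    else
        echo "default launch: stack address varies (randomization on)"
    fi
    if sample_stacks 3 setarch "$(uname -m)" -R | all_same; then
        echo "setarch -R launch: stack address fixed for that process only"
    else
        echo "setarch -R launch: stack address still varies or setarch failed"
        return 1
    fi
}

# Run the check only when asked: sh aslr_check.sh check
if [ "${1:-}" = "check" ]; then
    check_setarch_wrapper
fi
```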
