From fff25a2ad108da8e32461ee1a3156a09abd58ae4 Mon Sep 17 00:00:00 2001
From: Dave Jones <davej@redhat.com>
Date: Fri, 3 Sep 2010 11:48:57 -0400
Subject: exec-randomization: brk away from exec rand area

This is a fix for the NX emulation patch to force the brk area well
outside of the exec randomization area to avoid future allocation or brk
growth collisions. Normally this isn't a problem, except when the text
region has been loaded from a PIE binary and the CS limit can't be put
just above bss.

A test-case that will show failures without this patch can be found here:
http://bazaar.launchpad.net/~ubuntu-bugcontrol/qa-regression-testing/master/annotate/head%3A/scripts/kernel-aslr-collisions/explode-brk.c

Signed-off-by: Kees Cook <kees.cook@canonical.com>
---
 kernel.spec | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'kernel.spec')

diff --git a/kernel.spec b/kernel.spec
index 8342c4a7..114580fa 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -1876,6 +1876,9 @@ fi
 #                 ||     ||
 
 %changelog
+* Fri Sep 03 2010 Dave Jones <davej@redhat.com>
+- exec-randomization: brk away from exec rand area (Kees Cook)
+
 * Fri Sep 03 2010 Dave Jones <davej@redhat.com>
 - Remove the execshield boot parameter.
   Based on a patch from Kees Cook
-- 
cgit