diff options
author | Ingo Molnar <mingo@elte.hu> | 2008-02-06 22:39:44 +0100 |
---|---|---|
committer | Ingo Molnar <mingo@elte.hu> | 2008-02-06 22:39:44 +0100 |
commit | 32a932332c8bad842804842eaf9651ad6268e637 (patch) | |
tree | 58f187409029f089f788c5c35ad5c200b4a555af /init | |
parent | 4cc6028d4040f95cdb590a87db478b42b8be0508 (diff) | |
download | kernel-crypto-32a932332c8bad842804842eaf9651ad6268e637.tar.gz kernel-crypto-32a932332c8bad842804842eaf9651ad6268e637.tar.xz kernel-crypto-32a932332c8bad842804842eaf9651ad6268e637.zip |
brk randomization: introduce CONFIG_COMPAT_BRK
based on similar patch from: Pavel Machek <pavel@ucw.cz>
Introduce CONFIG_COMPAT_BRK. If disabled then the kernel is free
(but not obliged to) randomize the brk area.
Heap randomization breaks ancient binaries, so we keep COMPAT_BRK
enabled by default.
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Diffstat (limited to 'init')
-rw-r--r-- | init/Kconfig | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/init/Kconfig b/init/Kconfig index 87f50df5889..92b23e25661 100644 --- a/init/Kconfig +++ b/init/Kconfig @@ -541,6 +541,18 @@ config ELF_CORE help Enable support for generating core dumps. Disabling saves about 4k. +config COMPAT_BRK + bool "Disable heap randomization" + default y + help + Randomizing heap placement makes heap exploits harder, but it + also breaks ancient binaries (including anything libc5 based). + This option changes the bootup default to heap randomization + disabled, and can be overriden runtime by setting + /proc/sys/kernel/randomize_va_space to 2. + + On non-ancient distros (post-2000 ones) Y is usually a safe choice. + config BASE_FULL default y bool "Enable full-sized data structures for core" if EMBEDDED |