summaryrefslogtreecommitdiffstats
path: root/init
diff options
context:
space:
mode:
authorIngo Molnar <mingo@elte.hu>2008-02-06 22:39:44 +0100
committerIngo Molnar <mingo@elte.hu>2008-02-06 22:39:44 +0100
commit32a932332c8bad842804842eaf9651ad6268e637 (patch)
tree58f187409029f089f788c5c35ad5c200b4a555af /init
parent4cc6028d4040f95cdb590a87db478b42b8be0508 (diff)
downloadkernel-crypto-32a932332c8bad842804842eaf9651ad6268e637.tar.gz
kernel-crypto-32a932332c8bad842804842eaf9651ad6268e637.tar.xz
kernel-crypto-32a932332c8bad842804842eaf9651ad6268e637.zip
brk randomization: introduce CONFIG_COMPAT_BRK
based on similar patch from: Pavel Machek <pavel@ucw.cz> Introduce CONFIG_COMPAT_BRK. If disabled then the kernel is free (but not obliged to) randomize the brk area. Heap randomization breaks ancient binaries, so we keep COMPAT_BRK enabled by default. Signed-off-by: Ingo Molnar <mingo@elte.hu>
Diffstat (limited to 'init')
-rw-r--r--init/Kconfig12
1 files changed, 12 insertions, 0 deletions
diff --git a/init/Kconfig b/init/Kconfig
index 87f50df5889..92b23e25661 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -541,6 +541,18 @@ config ELF_CORE
help
Enable support for generating core dumps. Disabling saves about 4k.
+config COMPAT_BRK
+ bool "Disable heap randomization"
+ default y
+ help
+ Randomizing heap placement makes heap exploits harder, but it
+ also breaks ancient binaries (including anything libc5 based).
+ This option changes the bootup default to heap randomization
+ disabled, and can be overriden runtime by setting
+ /proc/sys/kernel/randomize_va_space to 2.
+
+ On non-ancient distros (post-2000 ones) Y is usually a safe choice.
+
config BASE_FULL
default y
bool "Enable full-sized data structures for core" if EMBEDDED