sysctl: improve KASLR effectiveness for mmap
By feeding more random bits into mmap allocation, the effectiveness of KASLR will be improved, making attacks trying to bypass address randomisation more difficult.

Changed sysctl values are:

vm.mmap_rnd_bits = 32 (default: 28)
vm.mmap_rnd_compat_bits = 16 (default: 8)

This patch backports the same change made in IPFire 2.x into IPFire 3.x.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
parent f2234b33d7
commit 78d3aeab2b
|
@ -5,7 +5,7 @@
|
|||
|
||||
name = setup
|
||||
version = 3.0
|
||||
release = 13
|
||||
release = 14
|
||||
arch = noarch
|
||||
|
||||
groups = Base Build System/Base
|
||||
|
|
|
@ -4,3 +4,6 @@ kernel.kptr_restrict = 2
|
|||
# Avoid kernel memory address exposures via dmesg.
|
||||
kernel.dmesg_restrict = 1
|
||||
|
||||
# Improve KASLR effectiveness for mmap.
|
||||
vm.mmap_rnd_bits = 32
|
||||
vm.mmap_rnd_compat_bits = 16
|
||||
|
|
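Review bot: the two added settings, vm.mmap_rnd_bits = 32 and vm.mmap_rnd_compat_bits = 16, are fixed values in a package the first hunk declares as arch = noarch, but the range the kernel accepts for both keys is architecture-specific, and the compat key exists only on kernels built with compat support. A write outside the accepted range is rejected and the default stays in place, so on an architecture with a lower maximum this file would fail to apply these two settings without any hardening taking effect. Consider shipping per-architecture values or documenting which architectures the numbers were chosen for (the defaults quoted in the commit message, 28 and 8, suggest x86_64). Separately, the comment "# Improve KASLR effectiveness for mmap." is imprecise: these keys control the randomisation of mmap base addresses in userspace processes, not kernel address space layout, so wording such as "Increase ASLR entropy for mmap" would describe the setting more accurately.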