[packages/kernel] - disable struct randomization, it's pointless for a distro kernel

Jan Rękorajski baggins at pld-linux.org
Wed Sep 6 09:23:14 CEST 2017


On Wed, 06 Sep 2017, Arkadiusz Miśkiewicz wrote:

> On Tuesday 05 of September 2017, baggins wrote:
> > commit aa2cca690b9ce623e4dac08b9563584530a0a489
> > Author: Jan Rękorajski <baggins at pld-linux.org>
> > Date:   Tue Sep 5 23:52:49 2017 +0200
> > 
> >     - disable struct randomization, it's pointless for a distro kernel
> 
> Not pointless - an exploit needs to match the specific PLD kernel directly, and
> generic or other distro exploits won't work.

Which is very easy to accomplish, because you have to expose the random seed
used during the kernel build to be able to build external modules.

I'm not strongly opposed to the idea, but you need to make sure external
modules will build/work if you really want a slower and bigger kernel
for a slight increase in security.

-- 
Jan Rękorajski                    | PLD/Linux
SysAdm | baggins<at>pld-linux.org | http://www.pld-linux.org/


More information about the pld-devel-en mailing list