[packages/kernel] - disable struct randomization, it's pointless for a distro kernel

Arkadiusz Miśkiewicz arekm at maven.pl
Wed Sep 6 09:30:40 CEST 2017


On Wednesday 06 of September 2017, Jan Rękorajski wrote:
> On Wed, 06 Sep 2017, Arkadiusz Miśkiewicz wrote:
> > On Tuesday 05 of September 2017, baggins wrote:
> > > commit aa2cca690b9ce623e4dac08b9563584530a0a489
> > > Author: Jan Rękorajski <baggins at pld-linux.org>
> > > Date:   Tue Sep 5 23:52:49 2017 +0200
> > > 
> > >     - disable struct randomization, it's pointless for a distro kernel
> > 
> > Not pointless - exploit needs to match specific pld kernel directly and
> > generic or other distro exploits won't work.
> 
> Which is very easy to accomplish, because you have to expose random seed
> used during kernel build to be able to build external modules.

Not for typical "attacker" or automated attacks.

> I'm not strongly opposed to the idea, but you need to make sure external
> modules will build/work

Were there any problems already?

> if you really want a slower and bigger kernel
> for slight increase in security.

How much bigger and slower? It only changes order of struct members AFAIK.

-- 
Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org )
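
Added example, not part of the original message and not the kernel's randstruct plugin: a simplified model of seed-driven struct member shuffling. It shows the two things the thread argues about: a given seed always reproduces the same layout (so whoever builds external modules needs that seed), and reordering moves a function pointer's offset and can change padding, and with it the struct's size. The field list, the xorshift32 generator and all function names are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed struct model (not the randstruct plugin's algorithm):
 * field sizes in bytes, natural alignment == size. */
static const unsigned FIELD_SIZE[] = {8, 8, 2, 1, 1}; /* count, handler, id, flag, state */
#define NFIELDS 5
#define HANDLER 1 /* index of the function-pointer field */
struct layout { unsigned offset[NFIELDS]; unsigned size; };

static uint32_t xorshift32(uint32_t *s) {
    *s ^= *s << 13; *s ^= *s >> 17; *s ^= *s << 5; return *s;
}

/* seed 0 keeps declaration order; any other seed drives a Fisher-Yates shuffle. */
struct layout lay_out(uint32_t seed) {
    struct layout l; unsigned order[NFIELDS], max_align = 1, off = 0;
    for (unsigned i = 0; i < NFIELDS; i++) order[i] = i;
    for (unsigned i = NFIELDS - 1; seed != 0 && i > 0; i--) {
        unsigned j = xorshift32(&seed) % (i + 1), t = order[i];
        order[i] = order[j]; order[j] = t;
    }
    for (unsigned i = 0; i < NFIELDS; i++) {
        unsigned a = FIELD_SIZE[order[i]];
        off = (off + a - 1) / a * a;       /* pad up to the field's alignment */
        l.offset[order[i]] = off; off += a;
        if (a > max_align) max_align = a;
    }
    l.size = (off + max_align - 1) / max_align * max_align; /* tail padding */
    return l;
}
unsigned handler_offset(uint32_t seed) { struct layout l = lay_out(seed); return l.offset[HANDLER]; }

/* Over seeds 1..n: how many move the function pointer, and the largest size seen. */
struct survey { unsigned moved, largest; };
struct survey survey_seeds(uint32_t n) {
    struct survey r = {0, 0};
    for (uint32_t s = 1; s <= n; s++) {
        struct layout l = lay_out(s);
        r.moved += l.offset[HANDLER] != handler_offset(0);
        if (l.size > r.largest) r.largest = l.size;
    }
    return r;
}

int main(void) {
    struct survey r = survey_seeds(64);
    printf("declared: handler +%u, sizeof %u; seeds 1..64: %u moved, largest %u\n",
           handler_offset(0), lay_out(0).size, r.moved, r.largest);
    return 0;
}
```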

