brk randomization: introduce CONFIG_COMPAT_BRK

based on similar patch from: Pavel Machek <pavel@ucw.cz> Introduce CONFIG_COMPAT_BRK. If disabled then the kernel is free (but not obliged to) randomize the brk area. Heap randomization breaks ancient binaries, so we keep COMPAT_BRK enabled by default. Signed-off-by: Ingo Molnar <mingo@elte.hu>
author: Ingo Molnar <mingo@elte.hu> 2008-02-06 16:39:44 -0500
committer: Ingo Molnar <mingo@elte.hu> 2008-02-06 16:39:44 -0500
commit: 32a932332c8bad842804842eaf9651ad6268e637 (patch)
tree: 58f187409029f089f788c5c35ad5c200b4a555af
parent: 4cc6028d4040f95cdb590a87db478b42b8be0508 (diff)
3 files changed, 25 insertions, 2 deletions
diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
index 4628c42ca892..111771d38e6e 100644
--- a/fs/binfmt_elf.c
+++ b/fs/binfmt_elf.c
@@ -1077,7 +1077,7 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
        current->mm->start_stack = bprm->p;
 #ifdef arch_randomize_brk
-        if (current->flags & PF_RANDOMIZE)
+        if ((current->flags & PF_RANDOMIZE) && (randomize_va_space > 1))
                current->mm->brk = current->mm->start_brk =
                        arch_randomize_brk(current->mm);
 #endif
diff --git a/init/Kconfig b/init/Kconfig
index 87f50df58893..92b23e256614 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -541,6 +541,18 @@ config ELF_CORE
        help
          Enable support for generating core dumps. Disabling saves about 4k.
+config COMPAT_BRK
+        bool "Disable heap randomization"
+        default y
+        help
+          Randomizing heap placement makes heap exploits harder, but it
+          also breaks ancient binaries (including anything libc5 based).
+          This option changes the bootup default to heap randomization
+          disabled, and can be overriden runtime by setting
+          /proc/sys/kernel/randomize_va_space to 2.
+          On non-ancient distros (post-2000 ones) Y is usually a safe choice.
 config BASE_FULL
        default y
        bool "Enable full-sized data structures for core" if EMBEDDED
diff --git a/mm/memory.c b/mm/memory.c
index 7bb70728bb52..9d073fa0a2d0 100644
--- a/mm/memory.c
+++ b/mm/memory.c
@@ -82,7 +82,18 @@ void * high_memory;
 EXPORT_SYMBOL(num_physpages);
 EXPORT_SYMBOL(high_memory);
-int randomize_va_space __read_mostly = 1;
+/*
+ * Randomize the address space (stacks, mmaps, brk, etc.).
+ *
+ * ( When CONFIG_COMPAT_BRK=y we exclude brk from randomization,
+ *   as ancient (libc5 based) binaries can segfault. )
+ */
+int randomize_va_space __read_mostly =
+#ifdef CONFIG_COMPAT_BRK
+                                        1;
+#else
+                                        2;
+#endif
 static int __init disable_randmaps(char *s)
 {
author	Ingo Molnar <mingo@elte.hu>	2008-02-06 16:39:44 -0500
committer	Ingo Molnar <mingo@elte.hu>	2008-02-06 16:39:44 -0500
commit	32a932332c8bad842804842eaf9651ad6268e637 (patch)
tree	58f187409029f089f788c5c35ad5c200b4a555af
parent	4cc6028d4040f95cdb590a87db478b42b8be0508 (diff)

diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c index 4628c42ca892..111771d38e6e 100644 --- a/fs/binfmt_elf.c +++ b/fs/binfmt_elf.c
@@ -1077,7 +1077,7 @@ static int load_elf_binary(struct linux_binprm bprm, struct pt_regs regs)
1077	current->mm->start_stack = bprm->p;	1077	current->mm->start_stack = bprm->p;
1078		1078
1079	#ifdef arch_randomize_brk	1079	#ifdef arch_randomize_brk
1080	if (current->flags & PF_RANDOMIZE)	1080	if ((current->flags & PF_RANDOMIZE) && (randomize_va_space > 1))
1081	current->mm->brk = current->mm->start_brk =	1081	current->mm->brk = current->mm->start_brk =
1082	arch_randomize_brk(current->mm);	1082	arch_randomize_brk(current->mm);
1083	#endif	1083	#endif


diff --git a/init/Kconfig b/init/Kconfig index 87f50df58893..92b23e256614 100644 --- a/init/Kconfig +++ b/init/Kconfig
@@ -541,6 +541,18 @@ config ELF_CORE
541	help	541	help
542	Enable support for generating core dumps. Disabling saves about 4k.	542	Enable support for generating core dumps. Disabling saves about 4k.
543		543
		544	config COMPAT_BRK
		545	bool "Disable heap randomization"
		546	default y
		547	help
		548	Randomizing heap placement makes heap exploits harder, but it
		549	also breaks ancient binaries (including anything libc5 based).
		550	This option changes the bootup default to heap randomization
		551	disabled, and can be overriden runtime by setting
		552	/proc/sys/kernel/randomize_va_space to 2.
		553
		554	On non-ancient distros (post-2000 ones) Y is usually a safe choice.
		555
544	config BASE_FULL	556	config BASE_FULL
545	default y	557	default y
546	bool "Enable full-sized data structures for core" if EMBEDDED	558	bool "Enable full-sized data structures for core" if EMBEDDED


diff --git a/mm/memory.c b/mm/memory.c index 7bb70728bb52..9d073fa0a2d0 100644 --- a/mm/memory.c +++ b/mm/memory.c
@@ -82,7 +82,18 @@ void * high_memory;
82	EXPORT_SYMBOL(num_physpages);	82	EXPORT_SYMBOL(num_physpages);
83	EXPORT_SYMBOL(high_memory);	83	EXPORT_SYMBOL(high_memory);
84		84
85	int randomize_va_space __read_mostly = 1;	85	/*
		86	* Randomize the address space (stacks, mmaps, brk, etc.).
		87	*
		88	* ( When CONFIG_COMPAT_BRK=y we exclude brk from randomization,
		89	* as ancient (libc5 based) binaries can segfault. )
		90	*/
		91	int randomize_va_space __read_mostly =
		92	#ifdef CONFIG_COMPAT_BRK
		93	1;
		94	#else
		95	2;
		96	#endif
86		97
87	static int __init disable_randmaps(char *s)	98	static int __init disable_randmaps(char *s)
88	{	99	{