diff options
| author | Ingo Molnar <mingo@elte.hu> | 2008-02-06 16:39:44 -0500 |
|---|---|---|
| committer | Ingo Molnar <mingo@elte.hu> | 2008-02-06 16:39:44 -0500 |
| commit | 32a932332c8bad842804842eaf9651ad6268e637 (patch) | |
| tree | 58f187409029f089f788c5c35ad5c200b4a555af /init | |
| parent | 4cc6028d4040f95cdb590a87db478b42b8be0508 (diff) | |
brk randomization: introduce CONFIG_COMPAT_BRK
based on similar patch from: Pavel Machek <pavel@ucw.cz>
Introduce CONFIG_COMPAT_BRK. If disabled then the kernel is free
(but not obliged to) randomize the brk area.
Heap randomization breaks ancient binaries, so we keep COMPAT_BRK
enabled by default.
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Diffstat (limited to 'init')
| -rw-r--r-- | init/Kconfig | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/init/Kconfig b/init/Kconfig index 87f50df58893..92b23e256614 100644 --- a/init/Kconfig +++ b/init/Kconfig | |||
| @@ -541,6 +541,18 @@ config ELF_CORE | |||
| 541 | help | 541 | help |
| 542 | Enable support for generating core dumps. Disabling saves about 4k. | 542 | Enable support for generating core dumps. Disabling saves about 4k. |
| 543 | 543 | ||
| 544 | config COMPAT_BRK | ||
| 545 | bool "Disable heap randomization" | ||
| 546 | default y | ||
| 547 | help | ||
| 548 | Randomizing heap placement makes heap exploits harder, but it | ||
| 549 | also breaks ancient binaries (including anything libc5 based). | ||
| 550 | This option changes the bootup default to heap randomization | ||
| 551 | disabled, and can be overriden runtime by setting | ||
| 552 | /proc/sys/kernel/randomize_va_space to 2. | ||
| 553 | |||
| 554 | On non-ancient distros (post-2000 ones) Y is usually a safe choice. | ||
| 555 | |||
| 544 | config BASE_FULL | 556 | config BASE_FULL |
| 545 | default y | 557 | default y |
| 546 | bool "Enable full-sized data structures for core" if EMBEDDED | 558 | bool "Enable full-sized data structures for core" if EMBEDDED |