Re: [PATCH v9] mm: Optional full ASLR for mmap(), mremap(), vdso, stack and heap
From: Topi Miettinen <hidden>
Date: 2021-01-13 11:25:07
Also in:
linux-api, linux-hardening, lkml
On 4.1.2021 17.53, Topi Miettinen wrote:
Writing a new value of 3 to /proc/sys/kernel/randomize_va_space enables full randomization of memory mappings. With 2, the base of the VMA used for such mappings is random, but the mappings are created in predictable places within the VMA and in sequential order. With 3, new VMAs are created to fully randomize the mappings. Mappings created with mmap(NULL, ...) are randomized and mremap(..., MREMAP_MAYMOVE) will move the mappings even if not necessary. The locations of heap (memory allocated with brk()), stack and vdso are also randomized.
It seems that always moving the mappings in mremap() can expose bugs where the callers don't actually expect the mappings to move, even though MREMAP_MAYMOVE is specified (Debian libapt-pkg6.0):

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980037

Perhaps this part should be a separate option to avoid tripping such bugs when compatibility is more important than improved ASLR and debugging. The option could be also used without randomize_va_space==3.

How about something like sysctl.kernel.mremap_always_move, sysctl.vm.mremap_always_move or CONFIG_MREMAP_ALWAYS_MOVE?

-Topi
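
The caller-side pattern that tolerates a moving mremap(), as an added example that is not part of the original message or the patch: `struct buf`, `buf_init`, `buf_grow` and `demo_moved_and_intact` are hypothetical names. A PROT_NONE page behind the buffer is an assumption used to force relocation on a kernel without the patch.

```c
#define _GNU_SOURCE                 /* for mremap() and MREMAP_MAYMOVE */
#include <stdint.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#ifndef MREMAP_MAYMOVE              /* fallback if _GNU_SOURCE came too late */
#define MREMAP_MAYMOVE 1
void *mremap(void *, size_t, size_t, int, ...);
#endif

/* Hypothetical growable buffer; users keep offsets into it, never pointers. */
struct buf { char *base; size_t len; void *guard; size_t pg; };

/* One usable page followed by a PROT_NONE page. The guard blocks in-place
 * growth, so every buf_grow() relocates, as mremap() would with the patch. */
int buf_init(struct buf *b) {
    b->pg = (size_t)sysconf(_SC_PAGESIZE);
    char *p = mmap(NULL, 2 * b->pg, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return -1;
    if (mprotect(p + b->pg, b->pg, PROT_NONE) != 0) { munmap(p, 2 * b->pg); return -1; }
    b->base = p; b->len = b->pg; b->guard = p + b->pg;
    return 0;
}

/* Always adopt the address mremap() returns; on failure the old one stays valid. */
int buf_grow(struct buf *b, size_t new_len) {
    void *p = mremap(b->base, b->len, new_len, MREMAP_MAYMOVE);
    if (p == MAP_FAILED) return -1;
    b->base = p; b->len = new_len;
    return 0;
}

/* Returns 1 when the mapping moved and the record is still found by offset. */
int demo_moved_and_intact(void) {
    struct buf b;
    size_t off = 128;                       /* constructed sample offset */
    if (buf_init(&b) != 0) return -1;
    strcpy(b.base + off, "record");         /* constructed sample data */
    uintptr_t before = (uintptr_t)b.base;   /* what a buggy caller would reuse */
    if (buf_grow(&b, 4 * b.len) != 0) return -1;
    int ok = (uintptr_t)b.base != before && strcmp(b.base + off, "record") == 0;
    munmap(b.guard, b.pg);
    munmap(b.base, b.len);
    return ok;
}
```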