sysctl: improve KASLR effectiveness for mmap

[ipfire-2.x.git] / config / etc / sysctl.conf

diff --git a/config/etc/sysctl.conf b/config/etc/sysctl.conf
index 9a943fffa886430d4d45078f19f5b3dbc796bbb6..5a67f179550f719ef67dad90206b665db70740d1 100644 (file)
--- a/config/etc/sysctl.conf
+++ b/config/etc/sysctl.conf
@@ -45,6 +45,10 @@ kernel.kptr_restrict = 2
 # Avoid kernel memory address exposures via dmesg.
 kernel.dmesg_restrict = 1
 
+# Improve KASLR effectiveness for mmap
+vm.mmap_rnd_bits = 32
+vm.mmap_rnd_compat_bits = 16
+
 # Minimal preemption granularity for CPU-bound tasks:
 # (default: 1 msec#  (1 + ilog(ncpus)), units: nanoseconds)
 kernel.sched_min_granularity_ns = 10000000