]> git.ipfire.org Git - ipfire-3.x.git/commit
projects / ipfire-3.x.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: f2234b3) | patch
sysctl: improve KASLR effectiveness for mmap
authorPeter Müller <peter.mueller@ipfire.org>
Sat, 6 Jul 2019 09:38:00 +0000 (09:38 +0000)
committerMichael Tremer <michael.tremer@ipfire.org>
Mon, 8 Jul 2019 10:03:33 +0000 (11:03 +0100)
commit78d3aeab2b1e8c0e52e5326c95d4b59057fb3095
tree66cefe02c518d208d98dcdcb71434191d284d188tree | snapshot
parentf2234b33d7d5159cd3aedfec22752f688a5ebd99commit | diff
sysctl: improve KASLR effectiveness for mmap

By feeding more random bits into mmap allocation, the
effectiveness of KASLR will be improved, making attacks
trying to bypass address randomisation more difficult.

Changed sysctl values are:

vm.mmap_rnd_bits = 32 (default: 28)
vm.mmap_rnd_compat_bits = 16 (default: 8)

This patch backports the same change made in IPFire 2.x into
IPFire 3.x .

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
setup/setup.nm diff | blob | blame | history
setup/sysctl/kernel-hardening.conf diff | blob | blame | history
IPFire 3.x development tree