git.ipfire.org Git - people/pmueller/ipfire-2.x.git/commit

]> git.ipfire.org Git - people/pmueller/ipfire-2.x.git/commit

projects / people / pmueller / ipfire-2.x.git / commit

author	Peter Müller <peter.mueller@ipfire.org>
	Thu, 4 Jul 2019 19:15:00 +0000 (19:15 +0000)
committer	Michael Tremer <michael.tremer@ipfire.org>
	Thu, 4 Jul 2019 10:22:13 +0000 (11:22 +0100)
commit	ef21f3e49d2998eb4a223c05ef05f169ae99537a
tree	756cba14ed26209694695963f51b63de4cdacae4	tree \| snapshot
parent	4cd82be05f21bcf49e38793e41730923a0107a0b	commit \| diff

sysctl: improve KASLR effectiveness for mmap

By feeding more random bits into mmap allocation, the
effectiveness of KASLR will be improved, making attacks
trying to bypass address randomisation more difficult.

Changed sysctl values are:

vm.mmap_rnd_bits = 32 (default: 28)
vm.mmap_rnd_compat_bits = 16 (default: 8)

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

config/etc/sysctl.conf

diff | blob | blame | history

Peter's tree of IPFire 2.x

RSS Atom