By feeding more random bits into mmap allocation, the
effectiveness of KASLR will be improved, making attacks
trying to bypass address randomisation more difficult.
Changed sysctl values are:
vm.mmap_rnd_bits = 32 (default: 28)
vm.mmap_rnd_compat_bits = 16 (default: 8)
This patch backports the same change made in IPFire 2.x into
IPFire 3.x.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
name = setup
version = 3.0
-release = 13
+release = 14
arch = noarch
groups = Base Build System/Base
# Avoid kernel memory address exposures via dmesg.
kernel.dmesg_restrict = 1
+# Improve KASLR effectiveness for mmap.
+vm.mmap_rnd_bits = 32
+vm.mmap_rnd_compat_bits = 16
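Review bot: The two added values, vm.mmap_rnd_bits = 32 and vm.mmap_rnd_compat_bits = 16, are hard-coded in a package declared as arch = noarch, but the range the kernel accepts for these sysctls depends on the architecture and kernel configuration. 32 and 16 are the upper bounds on x86_64; on an architecture with a lower maximum the write is rejected and the default stays in effect without any visible sign in this file. Consider either shipping the values per architecture or stating in the comment that they assume x86_64. The added comment also says KASLR, while these two settings control the randomisation of userspace mmap base addresses (ASLR), not the kernel's own layout; "# Improve ASLR effectiveness for mmap." would describe the lines more accurately.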