[New: openFATE 313171] enable full heap randomisation
Feature added by: Ludwig Nussel (lnussel)

Feature #313171, revision 1
Title: enable full heap randomisation

openSUSE Distribution: Unconfirmed
Priority
Requester: Important

Requested by: Ludwig Nussel (lnussel)
Partner organization: openSUSE.org

Description:
set kernel.randomize_va_space=2 to enable full heap randomisation. Citing sysctl/kernel.txt:

2 - Additionally enable heap randomization. This is the default if CONFIG_COMPAT_BRK is disabled.

There are a few legacy applications out there (such as some ancient versions of libc.so.5 from 1996) that assume that brk area starts just after the end of the code+bss. These applications break when start of the brk area is randomized. There are however no known non-legacy applications that would be broken this way, so for most systems it is safe to choose full randomization.

Systems with ancient and/or broken binaries should be configured with CONFIG_COMPAT_BRK enabled, which excludes the heap from process address space randomization.

--
openSUSE Feature: https://features.opensuse.org/313171
Feature changed by: Jan Engelhardt (jengelh) Feature #313171, revision 3 Title: enable full heap randomisation openSUSE Distribution: Unconfirmed Priority Requester: Important Requested by: Ludwig Nussel (lnussel) Partner organization: openSUSE.org Description: set kernel.randomize_va_space=2 to enable full heap randomisation. Citing sysctl/kernel.txt: 2 - Additionally enable heap randomization. This is the default if CONFIG_COMPAT_BRK is disabled. There are a few legacy applications out there (such as some ancient versions of libc.so. 5 from 1996) that assume that brk area starts just after the end of the code+bss. These applications break when start of the brk area is randomized. There are however no known non-legacy applications that would be broken this way, so for most systems it is safe to choose full randomization. Systems with ancient and/or broken binaries should be configured with CONFIG_COMPAT_BRK enabled, which excludes the heap from process address space randomization. + Discussion: + #1: Jan Engelhardt (jengelh) (2012-02-05 15:26:45) + At the same time, what about setting CONFIG_COMPAT_VDSO to disabled as + well? -- openSUSE Feature: https://features.opensuse.org/313171
Feature changed by: Marcus Meissner (msmeissn) Feature #313171, revision 5 Title: enable full heap randomisation openSUSE Distribution: Unconfirmed Priority Requester: Important Requested by: Ludwig Nussel (lnussel) Partner organization: openSUSE.org Description: set kernel.randomize_va_space=2 to enable full heap randomisation. Citing sysctl/kernel.txt: 2 - Additionally enable heap randomization. This is the default if CONFIG_COMPAT_BRK is disabled. There are a few legacy applications out there (such as some ancient versions of libc.so. 5 from 1996) that assume that brk area starts just after the end of the code+bss. These applications break when start of the brk area is randomized. There are however no known non-legacy applications that would be broken this way, so for most systems it is safe to choose full randomization. Systems with ancient and/or broken binaries should be configured with CONFIG_COMPAT_BRK enabled, which excludes the heap from process address space randomization. Discussion: #1: Jan Engelhardt (jengelh) (2012-02-05 15:26:45) At the same time, what about setting CONFIG_COMPAT_VDSO to disabled as well? + #2: Marcus Meissner (msmeissn) (2012-02-05 19:12:56) (reply to #1) + Security is all in favour of that. -- openSUSE Feature: https://features.opensuse.org/313171
Feature changed by: Andreas Jaeger (a_jaeger) Feature #313171, revision 8 Title: enable full heap randomisation - openSUSE Distribution: Unconfirmed + openSUSE Distribution: Evaluation by project manager Priority Requester: Important Requested by: Ludwig Nussel (lnussel) Partner organization: openSUSE.org Description: set kernel.randomize_va_space=2 to enable full heap randomisation. Citing sysctl/kernel.txt: 2 - Additionally enable heap randomization. This is the default if CONFIG_COMPAT_BRK is disabled. There are a few legacy applications out there (such as some ancient versions of libc.so. 5 from 1996) that assume that brk area starts just after the end of the code+bss. These applications break when start of the brk area is randomized. There are however no known non-legacy applications that would be broken this way, so for most systems it is safe to choose full randomization. Systems with ancient and/or broken binaries should be configured with CONFIG_COMPAT_BRK enabled, which excludes the heap from process address space randomization. Discussion: #1: Jan Engelhardt (jengelh) (2012-02-05 15:26:45) At the same time, what about setting CONFIG_COMPAT_VDSO to disabled as well? #2: Marcus Meissner (msmeissn) (2012-02-05 19:12:56) (reply to #1) Security is all in favour of that. + #3: Andreas Jaeger (a_jaeger) (2012-02-29 12:07:05) + Let's go for it... -- openSUSE Feature: https://features.opensuse.org/313171
Feature changed by: Michal Marek (michal-m) Feature #313171, revision 9 Title: enable full heap randomisation openSUSE Distribution: Evaluation by project manager Priority Requester: Important Requested by: Ludwig Nussel (lnussel) Partner organization: openSUSE.org Description: set kernel.randomize_va_space=2 to enable full heap randomisation. Citing sysctl/kernel.txt: 2 - Additionally enable heap randomization. This is the default if CONFIG_COMPAT_BRK is disabled. There are a few legacy applications out there (such as some ancient versions of libc.so. 5 from 1996) that assume that brk area starts just after the end of the code+bss. These applications break when start of the brk area is randomized. There are however no known non-legacy applications that would be broken this way, so for most systems it is safe to choose full randomization. Systems with ancient and/or broken binaries should be configured with CONFIG_COMPAT_BRK enabled, which excludes the heap from process address space randomization. + Documentation Impact: + RN Discussion: #1: Jan Engelhardt (jengelh) (2012-02-05 15:26:45) At the same time, what about setting CONFIG_COMPAT_VDSO to disabled as well? #2: Marcus Meissner (msmeissn) (2012-02-05 19:12:56) (reply to #1) Security is all in favour of that. #3: Andreas Jaeger (a_jaeger) (2012-02-29 12:07:05) Let's go for it... -- openSUSE Feature: https://features.opensuse.org/313171
Feature changed by: Karl Eichwalder (keichwa) Feature #313171, revision 11 Title: enable full heap randomisation openSUSE Distribution: Evaluation by project manager Priority Requester: Important Requested by: Ludwig Nussel (lnussel) Partner organization: openSUSE.org Description: set kernel.randomize_va_space=2 to enable full heap randomisation. Citing sysctl/kernel.txt: 2 - Additionally enable heap randomization. This is the default if CONFIG_COMPAT_BRK is disabled. There are a few legacy applications out there (such as some ancient versions of libc.so. 5 from 1996) that assume that brk area starts just after the end of the code+bss. These applications break when start of the brk area is randomized. There are however no known non-legacy applications that would be broken this way, so for most systems it is safe to choose full randomization. Systems with ancient and/or broken binaries should be configured with CONFIG_COMPAT_BRK enabled, which excludes the heap from process address space randomization. Documentation Impact: RN Discussion: #1: Jan Engelhardt (jengelh) (2012-02-05 15:26:45) At the same time, what about setting CONFIG_COMPAT_VDSO to disabled as well? #2: Marcus Meissner (msmeissn) (2012-02-05 19:12:56) (reply to #1) Security is all in favour of that. #3: Andreas Jaeger (a_jaeger) (2012-02-29 12:07:05) Let's go for it... + Release Notes: Enabling Full Heap Randomization + Solution: + [All architectures] CONFIG_COMPAT_BRK has been disabled to allow + randomisation of the start address of the userspace heap. This can + break old binaries based on libc5. To revert to the old behavior, set + the kernel.randomize_va_space sysctl to 2. + [x86_64 only] CONFIG_COMPAT_VDSO has been disabled to enforce + randomization of the VDSO address of 32bit binaries on x86_64. This can + break 32bit binaries using glibc < 2.3.3. To revert to the old + behavior, specify vdso=2 on the kernel command line. -- openSUSE Feature: https://features.opensuse.org/313171
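Review bot: the added "[All architectures]" release note tells readers to revert to the old behaviour by setting the kernel.randomize_va_space sysctl to 2, but the Description in this same revision quotes sysctl/kernel.txt defining 2 as "Additionally enable heap randomization", which is the new behaviour, not the old one. The revert instruction should name the value that leaves the heap out of randomisation (1 in sysctl/kernel.txt). It would also help to state whether the sysctl has to be set before the legacy binary is started, since the note does not say when the change takes effect.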
Feature changed by: Karl Eichwalder (keichwa) Feature #313171, revision 12 Title: enable full heap randomisation openSUSE Distribution: Evaluation by project manager Priority Requester: Important Requested by: Ludwig Nussel (lnussel) Partner organization: openSUSE.org Description: set kernel.randomize_va_space=2 to enable full heap randomisation. Citing sysctl/kernel.txt: 2 - Additionally enable heap randomization. This is the default if CONFIG_COMPAT_BRK is disabled. There are a few legacy applications out there (such as some ancient versions of libc.so. 5 from 1996) that assume that brk area starts just after the end of the code+bss. These applications break when start of the brk area is randomized. There are however no known non-legacy applications that would be broken this way, so for most systems it is safe to choose full randomization. Systems with ancient and/or broken binaries should be configured with CONFIG_COMPAT_BRK enabled, which excludes the heap from process address space randomization. Documentation Impact: RN Discussion: #1: Jan Engelhardt (jengelh) (2012-02-05 15:26:45) At the same time, what about setting CONFIG_COMPAT_VDSO to disabled as well? #2: Marcus Meissner (msmeissn) (2012-02-05 19:12:56) (reply to #1) Security is all in favour of that. #3: Andreas Jaeger (a_jaeger) (2012-02-29 12:07:05) Let's go for it... + #5: Karl Eichwalder (keichwa) (2014-08-05 09:17:13) + One of you guys please to move this from 12 SP1 to 12 (GA). Release Notes: Enabling Full Heap Randomization Solution: [All architectures] CONFIG_COMPAT_BRK has been disabled to allow randomisation of the start address of the userspace heap. This can break old binaries based on libc5. To revert to the old behavior, set the kernel.randomize_va_space sysctl to 2. [x86_64 only] CONFIG_COMPAT_VDSO has been disabled to enforce randomization of the VDSO address of 32bit binaries on x86_64. This can break 32bit binaries using glibc < 2.3.3. 
To revert to the old behavior, specify vdso=2 on the kernel command line. -- openSUSE Feature: https://features.opensuse.org/313171
Feature changed by: Karl Eichwalder (keichwa) Feature #313171, revision 13 Title: enable full heap randomisation openSUSE Distribution: Evaluation by project manager Priority Requester: Important Requested by: Ludwig Nussel (lnussel) Partner organization: openSUSE.org Description: set kernel.randomize_va_space=2 to enable full heap randomisation. Citing sysctl/kernel.txt: 2 - Additionally enable heap randomization. This is the default if CONFIG_COMPAT_BRK is disabled. There are a few legacy applications out there (such as some ancient versions of libc.so. 5 from 1996) that assume that brk area starts just after the end of the code+bss. These applications break when start of the brk area is randomized. There are however no known non-legacy applications that would be broken this way, so for most systems it is safe to choose full randomization. Systems with ancient and/or broken binaries should be configured with CONFIG_COMPAT_BRK enabled, which excludes the heap from process address space randomization. Documentation Impact: RN Discussion: #1: Jan Engelhardt (jengelh) (2012-02-05 15:26:45) At the same time, what about setting CONFIG_COMPAT_VDSO to disabled as well? #2: Marcus Meissner (msmeissn) (2012-02-05 19:12:56) (reply to #1) Security is all in favour of that. #3: Andreas Jaeger (a_jaeger) (2012-02-29 12:07:05) Let's go for it... #5: Karl Eichwalder (keichwa) (2014-08-05 09:17:13) One of you guys please to move this from 12 SP1 to 12 (GA). + #6: Karl Eichwalder (keichwa) (2014-08-11 13:39:41) (reply to #5) + We please need this in SLE 12 (GA). Release Notes: Enabling Full Heap Randomization Solution: [All architectures] CONFIG_COMPAT_BRK has been disabled to allow randomisation of the start address of the userspace heap. This can break old binaries based on libc5. To revert to the old behavior, set the kernel.randomize_va_space sysctl to 2. 
[x86_64 only] CONFIG_COMPAT_VDSO has been disabled to enforce randomization of the VDSO address of 32bit binaries on x86_64. This can break 32bit binaries using glibc < 2.3.3. To revert to the old behavior, specify vdso=2 on the kernel command line. -- openSUSE Feature: https://features.opensuse.org/313171
Feature changed by: Karl Eichwalder (keichwa) Feature #313171, revision 14 Title: enable full heap randomisation openSUSE Distribution: Evaluation by project manager Priority Requester: Important Requested by: Ludwig Nussel (lnussel) Partner organization: openSUSE.org Description: set kernel.randomize_va_space=2 to enable full heap randomisation. Citing sysctl/kernel.txt: 2 - Additionally enable heap randomization. This is the default if CONFIG_COMPAT_BRK is disabled. There are a few legacy applications out there (such as some ancient versions of libc.so. 5 from 1996) that assume that brk area starts just after the end of the code+bss. These applications break when start of the brk area is randomized. There are however no known non-legacy applications that would be broken this way, so for most systems it is safe to choose full randomization. Systems with ancient and/or broken binaries should be configured with CONFIG_COMPAT_BRK enabled, which excludes the heap from process address space randomization. Documentation Impact: RN Discussion: #1: Jan Engelhardt (jengelh) (2012-02-05 15:26:45) At the same time, what about setting CONFIG_COMPAT_VDSO to disabled as well? #2: Marcus Meissner (msmeissn) (2012-02-05 19:12:56) (reply to #1) Security is all in favour of that. #3: Andreas Jaeger (a_jaeger) (2012-02-29 12:07:05) Let's go for it... #5: Karl Eichwalder (keichwa) (2014-08-05 09:17:13) One of you guys please to move this from 12 SP1 to 12 (GA). #6: Karl Eichwalder (keichwa) (2014-08-11 13:39:41) (reply to #5) We please need this in SLE 12 (GA). + #7: Karl Eichwalder (keichwa) (2014-08-20 13:43:25) + We please need this in SLE 12 (GA). Release Notes: Enabling Full Heap Randomization Solution: [All architectures] CONFIG_COMPAT_BRK has been disabled to allow randomisation of the start address of the userspace heap. This can break old binaries based on libc5. To revert to the old behavior, set the kernel.randomize_va_space sysctl to 2. 
[x86_64 only] CONFIG_COMPAT_VDSO has been disabled to enforce randomization of the VDSO address of 32bit binaries on x86_64. This can break 32bit binaries using glibc < 2.3.3. To revert to the old behavior, specify vdso=2 on the kernel command line. -- openSUSE Feature: https://features.opensuse.org/313171
Feature changed by: Libor Pechacek (LPechacek) Feature #313171, revision 18 Title: enable full heap randomisation - openSUSE Distribution: Evaluation by project manager + openSUSE Distribution: Done Priority Requester: Important Requested by: Ludwig Nussel (lnussel) Partner organization: openSUSE.org Description: set kernel.randomize_va_space=2 to enable full heap randomisation. Citing sysctl/kernel.txt: 2 - Additionally enable heap randomization. This is the default if CONFIG_COMPAT_BRK is disabled. There are a few legacy applications out there (such as some ancient versions of libc.so. 5 from 1996) that assume that brk area starts just after the end of the code+bss. These applications break when start of the brk area is randomized. There are however no known non-legacy applications that would be broken this way, so for most systems it is safe to choose full randomization. Systems with ancient and/or broken binaries should be configured with CONFIG_COMPAT_BRK enabled, which excludes the heap from process address space randomization. Documentation Impact: RN Discussion: #1: Jan Engelhardt (jengelh) (2012-02-05 15:26:45) At the same time, what about setting CONFIG_COMPAT_VDSO to disabled as well? #2: Marcus Meissner (msmeissn) (2012-02-05 19:12:56) (reply to #1) Security is all in favour of that. #3: Andreas Jaeger (a_jaeger) (2012-02-29 12:07:05) Let's go for it... #5: Karl Eichwalder (keichwa) (2014-08-05 09:17:13) One of you guys please to move this from 12 SP1 to 12 (GA). #6: Karl Eichwalder (keichwa) (2014-08-11 13:39:41) (reply to #5) We please need this in SLE 12 (GA). #7: Karl Eichwalder (keichwa) (2014-08-20 13:43:25) We please need this in SLE 12 (GA). + #10: Libor Pechacek (lpechacek) (2015-02-25 14:09:17) + Implemented - commit 990b059df in SUSE kernel tree. Release Notes: Enabling Full Heap Randomization Solution: [All architectures] CONFIG_COMPAT_BRK has been disabled to allow randomisation of the start address of the userspace heap. 
This can break old binaries based on libc5. To revert to the old behavior, set the kernel.randomize_va_space sysctl to 2. [x86_64 only] CONFIG_COMPAT_VDSO has been disabled to enforce randomization of the VDSO address of 32bit binaries on x86_64. This can break 32bit binaries using glibc < 2.3.3. To revert to the old behavior, specify vdso=2 on the kernel command line. -- openSUSE Feature: https://features.opensuse.org/313171
Feature changed by: Sławomir Lach (Lachu) Feature #313171, revision 19 Title: enable full heap randomisation openSUSE Distribution: Done Priority Requester: Important Requested by: Ludwig Nussel (lnussel) Partner organization: openSUSE.org Description: set kernel.randomize_va_space=2 to enable full heap randomisation. Citing sysctl/kernel.txt: 2 - Additionally enable heap randomization. This is the default if CONFIG_COMPAT_BRK is disabled. There are a few legacy applications out there (such as some ancient versions of libc.so. 5 from 1996) that assume that brk area starts just after the end of the code+bss. These applications break when start of the brk area is randomized. There are however no known non-legacy applications that would be broken this way, so for most systems it is safe to choose full randomization. Systems with ancient and/or broken binaries should be configured with CONFIG_COMPAT_BRK enabled, which excludes the heap from process address space randomization. Documentation Impact: RN Discussion: #1: Jan Engelhardt (jengelh) (2012-02-05 15:26:45) At the same time, what about setting CONFIG_COMPAT_VDSO to disabled as well? #2: Marcus Meissner (msmeissn) (2012-02-05 19:12:56) (reply to #1) Security is all in favour of that. #3: Andreas Jaeger (a_jaeger) (2012-02-29 12:07:05) Let's go for it... #5: Karl Eichwalder (keichwa) (2014-08-05 09:17:13) One of you guys please to move this from 12 SP1 to 12 (GA). #6: Karl Eichwalder (keichwa) (2014-08-11 13:39:41) (reply to #5) We please need this in SLE 12 (GA). #7: Karl Eichwalder (keichwa) (2014-08-20 13:43:25) We please need this in SLE 12 (GA). #10: Libor Pechacek (lpechacek) (2015-02-25 14:09:17) Implemented - commit 990b059df in SUSE kernel tree. + #11: Sławomir Lach (lachu) (2015-02-27 19:55:17) + Not better to add special flag to ELF files, which contains kernel and + other related information, like full heap randomization? + Who creates/manages ELF specification? 
You could (probably) add extra + section for store this information. Release Notes: Enabling Full Heap Randomization Solution: [All architectures] CONFIG_COMPAT_BRK has been disabled to allow randomisation of the start address of the userspace heap. This can break old binaries based on libc5. To revert to the old behavior, set the kernel.randomize_va_space sysctl to 2. [x86_64 only] CONFIG_COMPAT_VDSO has been disabled to enforce randomization of the VDSO address of 32bit binaries on x86_64. This can break 32bit binaries using glibc < 2.3.3. To revert to the old behavior, specify vdso=2 on the kernel command line. -- openSUSE Feature: https://features.opensuse.org/313171
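An added example, not part of the original thread or of any SUSE tooling: a shell audit of the settings this feature discusses (kernel.randomize_va_space, CONFIG_COMPAT_BRK, CONFIG_COMPAT_VDSO and the vdso=2 boot option from the release notes). The function names and the sample inputs are constructed for illustration; the `/boot/config-$(uname -r)` path in the closing comment is an assumption about where the host keeps its kernel config.

```shell
#!/bin/sh
# Added example: audit the ASLR-related settings named in this feature request.

# Map a kernel.randomize_va_space value to what it covers.
classify_va_space() {
    case "$1" in
        0) echo off ;;
        1) echo partial ;;  # heap (brk) start is not randomised
        2) echo full ;;     # heap randomised as well: the value requested here
        *) echo unknown ;;
    esac
}

# Report whether option $2 is enabled, disabled or absent in kernel config text $1.
config_state() {
    if printf '%s\n' "$1" | grep -qxF "$2=y"; then
        echo enabled
    elif printf '%s\n' "$1" | grep -qxF "# $2 is not set"; then
        echo disabled
    else
        echo absent
    fi
}

# Print one line per weakened setting, or "OK" when none is found.
# $1 = sysctl value, $2 = kernel config text, $3 = kernel command line
audit() {
    n=0
    level=$(classify_va_space "$1")
    if [ "$level" != full ]; then
        echo "randomize_va_space=$1 ($level): heap start not randomised"; n=$((n + 1))
    fi
    if [ "$(config_state "$2" CONFIG_COMPAT_BRK)" = enabled ]; then
        echo "CONFIG_COMPAT_BRK=y: heap excluded from randomisation by default"; n=$((n + 1))
    fi
    if [ "$(config_state "$2" CONFIG_COMPAT_VDSO)" = enabled ]; then
        echo "CONFIG_COMPAT_VDSO=y: VDSO address of 32bit binaries not randomised"; n=$((n + 1))
    fi
    for tok in $3; do   # unquoted on purpose: split the command line into tokens
        if [ "$tok" = "vdso=2" ]; then
            echo "vdso=2 on command line: old VDSO behaviour restored"; n=$((n + 1))
        fi
    done
    [ "$n" -gt 0 ] || echo "OK"
}

# Constructed sample inputs (not taken from a real host).
SAMPLE_CONFIG='CONFIG_COMPAT_BRK=y
# CONFIG_COMPAT_VDSO is not set'
SAMPLE_CMDLINE='root=/dev/sda2 quiet vdso=2'
audit 1 "$SAMPLE_CONFIG" "$SAMPLE_CMDLINE"

# On a real host (config path is an assumption):
#   audit "$(cat /proc/sys/kernel/randomize_va_space)" \
#         "$(cat "/boot/config-$(uname -r)")" "$(cat /proc/cmdline)"
```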