Re: [PATCH] mm: optionally disable brk()

From: Michal Hocko
Date: Mon Oct 05 2020 - 04:22:58 EST

Next message: Ulf Hansson: "Re: [PATCH] mmc: meson-gx: remove IRQF_ONESHOT"
Previous message: Josh Triplett: "ext4 regression in v5.9-rc2 from e7bfb5c9bb3d on ro fs with overlapped bitmaps"
In reply to: Topi Miettinen: "Re: [PATCH] mm: optionally disable brk()"
Next in thread: Topi Miettinen: "Re: [PATCH] mm: optionally disable brk()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon 05-10-20 11:11:35, Topi Miettinen wrote:
[...]
> I think hardened, security oriented systems should disable brk() completely
> because it will increase the randomization of the process address space
> (ASLR). This wouldn't be a good option to enable for systems where maximum
> compatibility with legacy software is more important than any hardening.

I believe we already do have means to filter syscalls from userspace for
security hardened environements. Or is there any reason to duplicate
that and control during the configuration time?
--
Michal Hocko
SUSE Labs

Next message: Ulf Hansson: "Re: [PATCH] mmc: meson-gx: remove IRQF_ONESHOT"
Previous message: Josh Triplett: "ext4 regression in v5.9-rc2 from e7bfb5c9bb3d on ro fs with overlapped bitmaps"
In reply to: Topi Miettinen: "Re: [PATCH] mm: optionally disable brk()"
Next in thread: Topi Miettinen: "Re: [PATCH] mm: optionally disable brk()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]