Re: [PATCH] mm: optionally disable brk()

From: Topi Miettinen
Date: Mon Oct 05 2020 - 05:03:35 EST


On 5.10.2020 11.22, Michal Hocko wrote:
> On Mon 05-10-20 11:11:35, Topi Miettinen wrote:
> [...]
> > I think hardened, security oriented systems should disable brk() completely
> > because it will increase the randomization of the process address space
> > (ASLR). This wouldn't be a good option to enable for systems where maximum
> > compatibility with legacy software is more important than any hardening.
> 
> I believe we already do have means to filter syscalls from userspace for
> security hardened environments. Or is there any reason to duplicate
> that and control during the configuration time?
> 
This is true, but seccomp can't be used for cases where NoNewPrivileges can't be enabled (setuid/setgid binaries present, which sadly is still often the case even in otherwise hardened systems), so it's typically not possible to install a filter for the whole system.

-Topi
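The constraint Topi describes can be seen directly from userspace. The following is an added example, not code from the patch or from anyone in this thread: it builds a seccomp-BPF filter that makes brk() fail with ENOMEM (the errno a genuinely failed brk() reports, so glibc malloc simply falls back to mmap), then tries to install it in a forked child with and without PR_SET_NO_NEW_PRIVS. Without no_new_privs the kernel refuses PR_SET_SECCOMP with EACCES unless the caller holds CAP_SYS_ADMIN in its user namespace, and setting no_new_privs is exactly what breaks setuid/setgid binaries, which is why the filter cannot simply be applied to every process on a system that still needs them. The function names (brk_filter, install_brk_filter, try_brk_filter) are mine; it assumes a Linux kernel built with CONFIG_SECCOMP_FILTER on x86_64, aarch64 or i386.

```c
/* Added example (not from the patch thread): deny brk() via seccomp-BPF and
 * show that installing the filter needs no_new_privs (or CAP_SYS_ADMIN). */
#define _GNU_SOURCE
#include <errno.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

#if defined(__x86_64__)
#  define ARCH_NR AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#  define ARCH_NR AUDIT_ARCH_AARCH64
#elif defined(__i386__)
#  define ARCH_NR AUDIT_ARCH_I386
#else
#  error "add the AUDIT_ARCH_* value for this architecture"
#endif

#ifndef SECCOMP_RET_KILL_PROCESS          /* older UAPI headers lack this name */
#  define SECCOMP_RET_KILL_PROCESS 0x80000000U
#endif

/* Classic BPF program: kill the process on an architecture mismatch (so a
 * foreign-ABI syscall cannot dodge the number check), fail brk() with ENOMEM,
 * allow everything else. */
static struct sock_filter brk_filter[] = {
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, ARCH_NR, 1, 0),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_brk, 0, 1),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (ENOMEM & SECCOMP_RET_DATA)),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
};

/* Install the filter in the calling thread. Returns 0, or the errno from
 * prctl(). Without PR_SET_NO_NEW_PRIVS the kernel answers EACCES unless the
 * caller has CAP_SYS_ADMIN in its user namespace. */
int install_brk_filter(int set_no_new_privs)
{
    struct sock_fprog prog = {
        .len = sizeof(brk_filter) / sizeof(brk_filter[0]),
        .filter = brk_filter,
    };
    if (set_no_new_privs && prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return errno;
    if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) != 0)
        return errno;
    return 0;
}

enum brk_outcome { BRK_DENIED = 0, BRK_STILL_WORKS = 1, FILTER_REJECTED = 2, SETUP_FAILED = 3 };

/* Run the experiment in a forked child so the caller keeps a working brk().
 * *install_err receives the errno of the child's install attempt (0 on success). */
enum brk_outcome try_brk_filter(int set_no_new_privs, int *install_err)
{
    int fd[2];
    if (pipe(fd) != 0)
        return SETUP_FAILED;
    pid_t pid = fork();
    if (pid < 0)
        return SETUP_FAILED;
    if (pid == 0) {
        close(fd[0]);
        int err = install_brk_filter(set_no_new_privs);
        if (write(fd[1], &err, sizeof err) != (ssize_t)sizeof err)
            _exit(SETUP_FAILED);
        if (err)
            _exit(FILTER_REJECTED);
        /* brk(0) is a query that normally succeeds and returns the current break */
        long ret = syscall(SYS_brk, 0);
        _exit(ret == -1 && errno == ENOMEM ? BRK_DENIED : BRK_STILL_WORKS);
    }
    close(fd[1]);
    int err = 0;
    if (read(fd[0], &err, sizeof err) != (ssize_t)sizeof err)
        err = -1;
    close(fd[0]);
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return SETUP_FAILED;
    if (install_err)
        *install_err = err;
    return (enum brk_outcome)WEXITSTATUS(status);
}

int main(void)
{
    int err;
    enum brk_outcome r = try_brk_filter(0, &err);
    printf("without no_new_privs: outcome=%d install_errno=%d (%s)\n", r, err, strerror(err));
    r = try_brk_filter(1, &err);
    printf("with    no_new_privs: outcome=%d install_errno=%d (%s)\n", r, err, strerror(err));
    return 0;
}
```

Run as an unprivileged user the first attempt reports FILTER_REJECTED with EACCES and the second BRK_DENIED; run as root (CAP_SYS_ADMIN) both attempts succeed, which is the loophole that does not help here, since the point is to cover every process on the system, not just the ones that happen to be privileged or willing to set no_new_privs.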