Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit b7f5ab6f authored by Horst Schirmeier's avatar Horst Schirmeier Committed by Jiri Kosina
Browse files

trivial: doc: document missing value 2 for randomize-va-space 



The documentation for /proc/sys/kernel/* does not mention the possible
value 2 for randomize-va-space yet.  While being there, doing some
reformatting, fixing grammar problems and clarifying the correlations
between randomize-va-space, kernel parameter "norandmaps" and the
CONFIG_COMPAT_BRK option.

Signed-off-by: default avatarHorst Schirmeier <horst@schirmeier.com>
Signed-off-by: default avatarJiri Kosina <jkosina@suse.cz>
parent 627df23c

Documentation/sysctl/kernel.txt

+17 −13
Original line number Diff line number Diff line
@@ -319,25 +319,29 @@ This option can be used to select the type of process address 
space randomization that is used in the system, for architectures

that support this feature.



0 - Turn the process address space randomization off by default.

0 - Turn the process address space randomization off.  This is the

    default for architectures that do not support this feature anyways,

    and kernels that are booted with the "norandmaps" parameter.



1 - Make the addresses of mmap base, stack and VDSO page randomized.

    This, among other things, implies that shared libraries will be

    loaded to random addresses. Also for PIE-linked binaries, the location

    of code start is randomized.

    loaded to random addresses.  Also for PIE-linked binaries, the

    location of code start is randomized.  This is the default if the

    CONFIG_COMPAT_BRK option is enabled.



    With heap randomization, the situation is a little bit more

    complicated.

    There a few legacy applications out there (such as some ancient

2 - Additionally enable heap randomization.  This is the default if

    CONFIG_COMPAT_BRK is disabled.



    There are a few legacy applications out there (such as some ancient

    versions of libc.so.5 from 1996) that assume that brk area starts

    just after the end of the code+bss.  These applications break when

    start of the brk area is randomized.  There are however no known

    non-legacy applications that would be broken this way, so for most

    systems it is safe to choose full randomization. However there is

    a CONFIG_COMPAT_BRK option for systems with ancient and/or broken

    binaries, that makes heap non-randomized, but keeps all other

    parts of process address space randomized if randomize_va_space

    sysctl is turned on.

    systems it is safe to choose full randomization.



    Systems with ancient and/or broken binaries should be configured

    with CONFIG_COMPAT_BRK enabled, which excludes the heap from process

    address space randomization.



==============================================================