)]}' { "commit": "9c028844243bbeb80be23480175dc54b87b09fc7", "tree": "b93f07ef9d9aef86cd93ba8093d36163fa62d304", "parents": [ "41f7c0e0f85db02b3bc2b158f923452107e05c4a" ], "author": { "name": "Hector Marco-Gisbert", "email": "hecmargi@upv.es", "time": "Thu Mar 10 20:51:00 2016 +0100" }, "committer": { "name": "Todd Kjos", "email": "tkjos@google.com", "time": "Thu Oct 05 22:39:26 2017 +0000" }, "message": "UPSTREAM: x86/mm/32: Enable full randomization on i386 and X86_32\n\nCurrently on i386 and on X86_64 when emulating X86_32 in legacy mode, only\nthe stack and the executable are randomized but not other mmapped files\n\nlibraries, vDSO and mmap requests on i386 and in X86_32 in legacy mode.\n\nBy default on i386 there are 8 bits for the randomization of the libraries,\nvDSO and mmaps which only uses 1MB of VA.\n\nThis patch preserves the original randomness, using 1MB of VA out of 3GB or\n4GB. We think that 1MB out of 3GB is not a big cost for having the ASLR.\n\nThe first obvious security benefit is that all objects are randomized (not\nonly the stack and the executable) in legacy mode which highly increases\nthe ASLR effectiveness, otherwise the attackers may use these\nnon-randomized areas. But also sensitive setuid/setgid applications are\nmore secure because currently, attackers can disable the randomization of\nthese applications by setting the ulimit stack to \"unlimited\". This is a\nvery old and widely known trick to disable the ASLR in i386 which has been\nallowed for too long.\n\nAnother trick used to disable the ASLR was to set the ADDR_NO_RANDOMIZE\npersonality flag, but fortunately this doesn\u0027t work on setuid/setgid\napplications because there are security checks which clear security-relevant\nflags.\n\nThis patch always randomizes the mmap_legacy_base address, removing the\npossibility to disable the ASLR by setting the stack to \"unlimited\".\n\nSigned-off-by: Hector Marco-Gisbert \u003checmargi@upv.es\u003e\nAcked-by: Ismael Ripoll Ripoll \u003ciripoll@upv.es\u003e\nAcked-by: Kees Cook \u003ckeescook@chromium.org\u003e\nAcked-by: Arjan van de Ven \u003carjan@linux.intel.com\u003e\nCc: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\nCc: Peter Zijlstra \u003cpeterz@infradead.org\u003e\nCc: Thomas Gleixner \u003ctglx@linutronix.de\u003e\nCc: akpm@linux-foundation.org\nCc: kees Cook \u003ckeescook@chromium.org\u003e\nLink: http://lkml.kernel.org/r/1457639460-5242-1-git-send-email-hecmargi@upv.es\nSigned-off-by: Ingo Molnar \u003cmingo@kernel.org\u003e\n\nBug: 28763575\nChange-Id: Icd128489c3c196ade64f79d4ea898d29f8471baf\n(cherry picked from commit 8b8addf891de8a00e4d39fc32f93f7c5eb8feceb)\n", "tree_diff": [ { "type": "modify", "old_id": "084c36f6b4e322714cc0bf8db0b901ac67a2e09c", "old_mode": 33188, "old_path": "arch/x86/mm/mmap.c", "new_id": "47287ea3f080419d7587975364548e66bb290a05", "new_mode": 33188, "new_path": "arch/x86/mm/mmap.c" } ] }