Memory Randomization - Linux default configuration

tkdfighter · 2009-03-26 19:36:42

Hi,

lately I've been wondering if the Linux kernel has any ASLR (Address Space Layout Randomization) enabled by default. I know that PaX and grsecurity are in vanilla, but I've also read that by enabling these you will run into problems with X, MPlayer etc. Considering that exploits are made much, much harder when the bad guy doesn't know where his code is located in the heap, I presume that it would be worthwhile to use this technology as many of the modern exploits especially target applications the user uses to interact with the internet.

On a similar note, is the NX bit being used by default?

So, what's the current status and what does the near future look like?

Edit: Of course I meant the heap, not stack. Fixed, thanks dyscoria.

Last edited by tkdfighter (2009-03-27 14:06:36)

szymon_g · 2009-03-27 10:19:34

tkdfighter wrote:

I know that PaX and grsecurity are in vanilla

what? some PaX features are/will be implemented in mainline, but i have no idea about grsecurity
anyway- i wish someone will give good answers in this topic

dyscoria · 2009-03-27 11:34:00

I know heap randomization occurs by default in the kernel, but I don't think it has anything close to full PaX capabilities.

tkdfighter · 2009-03-27 14:31:43

]So I did some reading on Wikipedia. grsecurity actually bundles PaX. Also, since version 2.6.12, the kernel has a weak form of ASLR enabled by default, as does OS X. Windows Vista has a more complete implementation. Reading this, it appears that the weak OS X implementation is not really sufficient. Miller doesn't really make a statement about Linux, but I assume you could argue that the same goes for Linux.
I can see though that PaX is not in vanilla, contrary to what I first thought, and that it doesn't support the most recent kernels.

Another question: why isn't there any protection for simple fork bombs in Arch by default? There is no distribution I know of that has nproc set in limits.conf by default. Some basic things like this would be kind of nice, as I'm sure that there are alot of trivial settings to improve security I and other users don't know about.

Ranguvar · 2009-03-27 15:36:35

tkdfighter wrote:

Another question: why isn't there any protection for simple fork bombs in Arch by default?

This is one of the instances that is actually arguable, but I'd say because Arch is vanilla If you don't set it yourself, you don't get it, for as much as possible. I personally think the behavior now is good.

tkdfighter · 2009-03-27 21:24:55

Of course it's arguable, But don't you agree that it's wreakless to have a insecure system? Nobody's preventing you not to install updates/patches, but it is recommended, as should be basic security measures like e.g. nproc and not allowing root access over ssh without a password. I mean, it's not even mentioned on the wiki. Maybe I should add a link to the Gentoo security handbook.

Maybe I'm just being paranoid (but I hear that's a good thing ).

Now that we know the kernel has some basic form of ASLR enabled by default, the question is: how secure is it?

Arch Linux

#1 2009-03-26 19:36:42

Memory Randomization - Linux default configuration

#2 2009-03-27 10:19:34

Re: Memory Randomization - Linux default configuration

#3 2009-03-27 11:34:00

Re: Memory Randomization - Linux default configuration

#4 2009-03-27 14:31:43

Re: Memory Randomization - Linux default configuration

#5 2009-03-27 15:36:35

Re: Memory Randomization - Linux default configuration

#6 2009-03-27 21:24:55

Re: Memory Randomization - Linux default configuration

Board footer