ALT Linux kernel packages development
 help / color / mirror / Atom feed
* [d-kernel] config: CONFIG_RANDOMIZE_BASE is not set
@ 2022-03-25 11:57 Andrew A. Vasilyev
  2022-03-25 13:14 ` Vitaly Chikunov
  2022-05-06 14:19 ` Vitaly Chikunov
  0 siblings, 2 replies; 5+ messages in thread
From: Andrew A. Vasilyev @ 2022-03-25 11:57 UTC (permalink / raw)
  To: devel-kernel


[-- Attachment #1.1: Type: text/plain, Size: 103 bytes --]

   Hi!

   Возможно ли включение CONFIG_RANDOMIZE_BASE в наших ядрах?

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 840 bytes --]

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [d-kernel] config: CONFIG_RANDOMIZE_BASE is not set
  2022-03-25 11:57 [d-kernel] config: CONFIG_RANDOMIZE_BASE is not set Andrew A. Vasilyev
@ 2022-03-25 13:14 ` Vitaly Chikunov
  2022-05-06 14:19 ` Vitaly Chikunov
  1 sibling, 0 replies; 5+ messages in thread
From: Vitaly Chikunov @ 2022-03-25 13:14 UTC (permalink / raw)
  To: ALT Linux kernel packages development

On Fri, Mar 25, 2022 at 02:57:40PM +0300, Andrew A. Vasilyev wrote:
>   Hi!
> 
>   Возможно ли включение CONFIG_RANDOMIZE_BASE в наших ядрах?

В Fedora/Ubuntu/Opensuse это включено.
(Кроме того включено в -rt ядре.)

Но, интересно, от скольких CVE это защитило?




> _______________________________________________
> devel-kernel mailing list
> devel-kernel@lists.altlinux.org
> https://lists.altlinux.org/mailman/listinfo/devel-kernel



^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [d-kernel] config: CONFIG_RANDOMIZE_BASE is not set
  2022-03-25 11:57 [d-kernel] config: CONFIG_RANDOMIZE_BASE is not set Andrew A. Vasilyev
  2022-03-25 13:14 ` Vitaly Chikunov
@ 2022-05-06 14:19 ` Vitaly Chikunov
  2022-05-06 14:26   ` Dmitry V. Levin
  1 sibling, 1 reply; 5+ messages in thread
From: Vitaly Chikunov @ 2022-05-06 14:19 UTC (permalink / raw)
  To: ALT Linux kernel packages development

On Fri, Mar 25, 2022 at 02:57:40PM +0300, Andrew A. Vasilyev wrote:
>   Hi!
> 
>   Возможно ли включение CONFIG_RANDOMIZE_BASE в наших ядрах?

Думаю, это возможно, если никто не против. Так как в Ubuntu и Fedora
это включено.


> _______________________________________________
> devel-kernel mailing list
> devel-kernel@lists.altlinux.org
> https://lists.altlinux.org/mailman/listinfo/devel-kernel



^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [d-kernel] config: CONFIG_RANDOMIZE_BASE is not set
  2022-05-06 14:19 ` Vitaly Chikunov
@ 2022-05-06 14:26   ` Dmitry V. Levin
  2022-05-06 14:30     ` Vitaly Chikunov
  0 siblings, 1 reply; 5+ messages in thread
From: Dmitry V. Levin @ 2022-05-06 14:26 UTC (permalink / raw)
  To: devel-kernel

On Fri, May 06, 2022 at 05:19:01PM +0300, Vitaly Chikunov wrote:
> On Fri, Mar 25, 2022 at 02:57:40PM +0300, Andrew A. Vasilyev wrote:
> >   Hi!
> > 
> >   Возможно ли включение CONFIG_RANDOMIZE_BASE в наших ядрах?
> 
> Думаю, это возможно, если никто не против. Так как в Ubuntu и Fedora
> это включено.

$ grep -A3 'config RANDOMIZE_BASE' arch/x86/Kconfig
config RANDOMIZE_BASE
	bool "Randomize the address of the kernel image (KASLR)"
	depends on RELOCATABLE
	default y

Непонятно, почему оно оказалось не включено.


-- 
ldv


^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [d-kernel] config: CONFIG_RANDOMIZE_BASE is not set
  2022-05-06 14:26   ` Dmitry V. Levin
@ 2022-05-06 14:30     ` Vitaly Chikunov
  0 siblings, 0 replies; 5+ messages in thread
From: Vitaly Chikunov @ 2022-05-06 14:30 UTC (permalink / raw)
  To: ALT Linux kernel packages development

On Fri, May 06, 2022 at 05:26:13PM +0300, Dmitry V. Levin wrote:
> On Fri, May 06, 2022 at 05:19:01PM +0300, Vitaly Chikunov wrote:
> > On Fri, Mar 25, 2022 at 02:57:40PM +0300, Andrew A. Vasilyev wrote:
> > >   Hi!
> > > 
> > >   Возможно ли включение CONFIG_RANDOMIZE_BASE в наших ядрах?
> > 
> > Думаю, это возможно, если никто не против. Так как в Ubuntu и Fedora
> > это включено.
> 
> $ grep -A3 'config RANDOMIZE_BASE' arch/x86/Kconfig
> config RANDOMIZE_BASE
> 	bool "Randomize the address of the kernel image (KASLR)"
> 	depends on RELOCATABLE
> 	default y
> 
> Непонятно, почему оно оказалось не включено.

Другой вопрос - есть ли хоть 1 CVE от которого защитила эта опция.

> 
> 
> -- 
> ldv
> _______________________________________________
> devel-kernel mailing list
> devel-kernel@lists.altlinux.org
> https://lists.altlinux.org/mailman/listinfo/devel-kernel


^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2022-05-06 14:30 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-03-25 11:57 [d-kernel] config: CONFIG_RANDOMIZE_BASE is not set Andrew A. Vasilyev
2022-03-25 13:14 ` Vitaly Chikunov
2022-05-06 14:19 ` Vitaly Chikunov
2022-05-06 14:26   ` Dmitry V. Levin
2022-05-06 14:30     ` Vitaly Chikunov

ALT Linux kernel packages development

This inbox may be cloned and mirrored by anyone:

	git clone --mirror http://lore.altlinux.org/devel-kernel/0 devel-kernel/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 devel-kernel devel-kernel/ http://lore.altlinux.org/devel-kernel \
		devel-kernel@altlinux.org devel-kernel@altlinux.ru devel-kernel@altlinux.com
	public-inbox-index devel-kernel

Example config snippet for mirrors.
Newsgroup available over NNTP:
	nntp://lore.altlinux.org/org.altlinux.lists.devel-kernel


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git