[Bug 139436] [Security] Heap and PIE randomization

John Moser nigelenki at comcast.net
Thu Sep 13 18:07:51 UTC 2007

Public bug reported:

Binary package hint: linux-image-generic

Currently the kernel randomizes the stack base and mmap() base. The
mmap() base covers libraries, file-backed mmap() segments (i.e.
libraries), and anonymous data segments (including shared memory
mappings IIRC). This leaves the heap and program executable.

I believe the Fedora/RedHat kernels randomize the heap base, but not
executables (even PIEs, see bug #139435).  PaX definitely randomizes the
heap base, and can randomize the base of PIEs (as well as non-PIEs in
some cases using complex segmentation tricks).

I believe it would be advantageous security-wise to ship kernels that
can randomize the heap base.  This may require some politics on the LKML
or simply shipping with some custom patches; also for compatibility, a
boot-time switch to disable heap randomization should be available.

It would also be advantageous to randomize the base of PIEs in the
context of bug #139435, for the reasons given there.

** Affects: linux-meta (Ubuntu)
     Importance: Undecided
         Status: New

[Security] Heap and PIE randomization
You received this bug notification because you are a member of Kernel
Bugs, which is a bug contact for linux-meta in ubuntu.

More information about the kernel-bugs mailing list