[ubuntu-hardened] KASLR: enabling on x86 with "kaslr" option via '/etc/default/grub' file.

daniel curtis sidetripping at gmail.com
Wed Aug 2 19:16:21 UTC 2017


>> Aww, thanks Daniel :D Very kind of you to say so.
>> It's always a pleasure.

Seth, but that's true! In some way, you're teaching me by your answers. So
once again: thank You very, very much.

>> I debated about writing "ASLR for applications" and "KASLR"
>> but wanted to draw the distinction that it's ASLR for both
>> but ASLR for applications is more useful than ASLR for kernels.

OK, I understand. So I'll use KASLR even if it's not magic.

Hi Mr Kees Cook

Firstly, I want to thank You for your job to make a Linux secure by
default. I hope You will not give up, because of various pressures: hard
work, more work and so on.

>> One additional note here is that Linux kernel v4.8 and later
>> has CONFIG_RANDOMIZE_MEMORY which shuffles where
>> a number of memory sections live in memory at each boot too
>> (...)

Thanks for an information. I'm preparing to install HWE kernel on 16.04 LTS
Release. I think, that v4.10 is now available (linux-hwe.) As an example,
the 16.04.2 point release, would have v4.8 based kernel. However, I'm using
16.04.3 right now, so it will be definitely v4.10.

Personally, I'm waiting for a newer, hardened versions with new security
features such as GCC plugins and many, many more.

Thanks, best regards.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-hardened/attachments/20170802/caeed9ba/attachment.html>

More information about the ubuntu-hardened mailing list