[ubuntu-hardened] KASLR: enabling on x86 with "kaslr" option via '/etc/default/grub' file.

daniel curtis sidetripping at gmail.com
Sun Jul 30 09:48:50 UTC 2017


Hello Seth,

Wow, thank You very much for an amazing answer. You are a very smart person.
Thanks to You, I've learned so many things about AppArmor, security, etc. I
really appreciate it. Once again: thank You!

>> (...) which will increase the chances that an information leak will
>> allow bypassing the minimal gains in security due to KASLR.

So, are You trying to say that enabling "kaslr" does not improve system
security? After adding the "kaslr" option to the '/etc/default/grub' file and
generating a grub2 config file via the update-grub(8) command, the two values
"commit_creds" and "prepare_kernel" (from the '/proc/kallsyms' file) were
randomized on each system start.

However, without "kaslr", both values are the same after every system
start. Additionally, I've also used, as recommended by the developers,
'kptr_restrict' and 'dmesg_restrict'. So maybe it is not so bad on the x86
architecture? These values can be checked with this command:

[~]# cat /proc/kallsyms | grep ' commit_creds\| prepare_kernel'
ffffffdc08e960  T commit_creds
ffffffdc08ed30  T prepare_kernel_cred

In this case, "kaslr" is in use. That's just an example. As I already
mentioned: without KASLR, both values have the same value. By the way, running
the mentioned command as a normal user (not as root or via sudo(8)) shows
'00000000' in both cases. But that's just not important information.

>> ASLR for applications is far more useful than ASLR for a
>> kernel because (...)

I think that You've made a little mistake here; You have used ASLR twice,
which makes no sense to me. Can you write which, KASLR or ASLR, is far
more useful for applications than [WHAT] for a kernel? :- )

I know about RAP and I think, that it's pretty amazing. Seth, I would like
to thank You for all these links to slides etc. I will certainly read this.
For sure.

So, according to all these things about KASLR (and especially "(...)
increase the chances that an information leak will allow bypassing the
minimal gains in security due to KASLR." etc.), I want to ask: can I
use "kaslr" with regard to everything You have written about this?

Thanks Seth, best regards.
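The boot-to-boot comparison described in the message above, written out as an added example (not part of the original post or of any Ubuntu tooling): it reads two kallsyms-format snapshots and reports whether a symbol's address is randomized, static, or masked by kptr_restrict. The snapshot files and their addresses are constructed for the demonstration; on a real system the same functions can be pointed at saved copies of /proc/kallsyms from two boots.

```shell
#!/bin/sh
# Added example: classify kernel symbol addresses across two boots.
# Requires only POSIX sh and awk. On Ubuntu the "kaslr" parameter is added to
# GRUB_CMDLINE_LINUX_DEFAULT in /etc/default/grub, followed by update-grub.

# Print the address of SYMBOL from a kallsyms-format file ("addr type name").
sym_addr() {  # usage: sym_addr FILE SYMBOL
    awk -v s="$2" '$3 == s { print $1; exit }' "$1"
}

# Compare one symbol between two boot snapshots and print a verdict:
#   missing    -> symbol absent from at least one snapshot
#   masked     -> address is all zeros (kptr_restrict hides it from this user)
#   static     -> identical on both boots (KASLR not in effect)
#   randomized -> addresses differ between boots (KASLR in effect)
kaslr_state() {  # usage: kaslr_state BOOT1_FILE BOOT2_FILE SYMBOL
    a=$(sym_addr "$1" "$3")
    b=$(sym_addr "$2" "$3")
    if [ -z "$a" ] || [ -z "$b" ]; then echo missing; return 0; fi
    # If the concatenated addresses contain no digit other than 0, both
    # values were zeroed by kptr_restrict and say nothing about KASLR.
    case "$a$b" in
        *[!0]*) ;;
        *) echo masked; return 0 ;;
    esac
    if [ "$a" = "$b" ]; then echo static; else echo randomized; fi
}

# Constructed snapshots standing in for /proc/kallsyms on two boots (root)
# and for what an unprivileged user sees with kptr_restrict=1.
cat > /tmp/boot1.txt <<'EOF'
ffffffff810a1e80 T commit_creds
ffffffff810a2250 T prepare_kernel_cred
EOF
cat > /tmp/boot2.txt <<'EOF'
ffffffffa3ca1e80 T commit_creds
ffffffffa3ca2250 T prepare_kernel_cred
EOF
cat > /tmp/unpriv.txt <<'EOF'
0000000000000000 T commit_creds
0000000000000000 T prepare_kernel_cred
EOF

for s in commit_creds prepare_kernel_cred; do
    echo "$s: $(kaslr_state /tmp/boot1.txt /tmp/boot2.txt "$s")"   # randomized
done
echo "unprivileged view: $(kaslr_state /tmp/unpriv.txt /tmp/unpriv.txt commit_creds)"  # masked
```

A "masked" result means the check was run without enough privilege, not that KASLR is on or off; rerun it on snapshots taken as root before drawing a conclusion.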