[Security] Heap and PIE randomization
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux (Ubuntu) |
Fix Released
|
Wishlist
|
Unassigned |
Bug Description
Binary package hint: linux-image-generic
Currently the kernel randomizes the stack base and mmap() base. The mmap() base covers libraries, file-backed mmap() segments (i.e. libraries), and anonymous data segments (including shared memory mappings IIRC). This leaves the heap and program executable.
I believe the Fedora/RedHat kernels randomize the heap base, but not executables (even PIEs, see bug #139435). PaX definitely randomizes the heap base, and can randomize the base of PIEs (as well as non-PIEs in some cases using complex segmentation tricks).
I believe it would be advantageous security-wise to ship kernels that can randomize the heap base. This may require some politics on the LKML or simply shipping with some custom patches; also for compatibility, a boot-time switch to disable heap randomization should be available.
It would also be advantageous to randomize the base of PIEs in the context of bug #139435, for the reasons given there.
Yes, this is where we're heading. I've been working with some of the SuSE engineers to test and prepare patches[1] for LKML. For other details and a test tool, see bug 83895.