KASLR should be enabled by default (x86)

Bug #1573848 reported by Kees Cook on 2016-04-22
16
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Medium
Tim Gardner
Yakkety
Medium
Tim Gardner

Bug Description

Kernel Address Space Layout Randomization (KASLR) can make it harder to accomplish kernel security vulnerability exploits, especially during remote attacks or attacks from containers. On x86, KASLR has a run-time conflict with Hibernation, and currently the kernel selects Hibernation instead of KASLR unless the "kaslr" kernel command line option is given at boot time. Since the Unity desktop disabled access to Hibernation by default and cloud images don't use Hibernation, it would make sense to make KASLR enabled by default on Ubuntu. Those wishing to use Hibernation could just provide the "nokaslr" kernel command line option to flip the preference back.

A patch to implement this already exists:
https://lkml.org/lkml/2016/4/6/637

Kees Cook (kees) on 2016-04-22
tags: added: patch

This bug is missing log files that will aid in diagnosing the problem. From a terminal window please run:

apport-collect 1573848

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status: New → Incomplete
Steve Beattie (sbeattie) on 2016-04-22
Changed in linux (Ubuntu):
status: Incomplete → Confirmed
tags: added: kernel-da-key
Changed in linux (Ubuntu):
importance: Undecided → Medium
status: Confirmed → Triaged
Tim Gardner (timg-tpi) on 2016-05-02
Changed in linux (Ubuntu Yakkety):
milestone: none → ubuntu-16.10
Tim Gardner (timg-tpi) on 2016-09-28
Changed in linux (Ubuntu Yakkety):
assignee: nobody → Tim Gardner (timg-tpi)
status: Triaged → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers