KASLR should be enabled by default (x86)
Bug #1573848 reported by
Kees Cook
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| linux (Ubuntu) |
Fix Released
|
Medium
|
Tim Gardner | ||
| Yakkety |
Fix Released
|
Medium
|
Tim Gardner | ||
Bug Description
Kernel Address Space Layout Randomization (KASLR) can make it harder to accomplish kernel security vulnerability exploits, especially during remote attacks or attacks from containers. On x86, KASLR has a run-time conflict with Hibernation, and currently the kernel selects Hibernation instead of KASLR unless the "kaslr" kernel command line option is given at boot time. Since the Unity desktop disabled access to Hibernation by default and cloud images don't use Hibernation, it would make sense to make KASLR enabled by default on Ubuntu. Those wishing to use Hibernation could just provide the "nokaslr" kernel command line option to flip the preference back.
A patch to implement this already exists:
https:/
| tags: | added: patch |
Revision history for this message
| Brad Figg (brad-figg) wrote Missing required logs. | #1 |
| Changed in linux (Ubuntu): | |
| status: | New → Incomplete |
| Changed in linux (Ubuntu): | |
| status: | Incomplete → Confirmed |
| tags: | added: kernel-da-key |
| Changed in linux (Ubuntu): | |
| importance: | Undecided → Medium |
| status: | Confirmed → Triaged |
| Changed in linux (Ubuntu Yakkety): | |
| milestone: | none → ubuntu-16.10 |
| Changed in linux (Ubuntu Yakkety): | |
| assignee: | nobody → Tim Gardner (timg-tpi) |
| status: | Triaged → Fix Released |
To post a comment you must log in.
This bug is missing log files that will aid in diagnosing the problem. From a terminal window please run:
apport-collect 1573848
and then change the status of the bug to 'Confirmed'.
If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.
This change has been made by an automated script, maintained by the Ubuntu Kernel Team.