    x86: randomize brk · c1d171a0
    Jiri Kosina authored
    Randomize the location of the heap (brk) for i386 and x86_64.  The range is
    randomized in the range starting at current brk location up to 0x02000000
    offset for both architectures.  This, together with
    pie-executable-randomization.patch and
    pie-executable-randomization-fix.patch, should make the address space
    randomization on i386 and x86_64 complete.
    
    Arjan says:
    
    This is known to break older versions of some emacs variants, whose dumper
    code assumed that the last variable declared in the program is equal to the
    start of the dynamically allocated memory region.
    
    (The dumper is the code where emacs effectively dumps core at the end of its
    compilation stage; this coredump is then loaded as the main program during
    normal use)
    
    iirc this was 5 years or so; we found this way back when I was at RH and we
    first did the security stuff there (including this brk randomization).  It
    wasn't all variants of emacs, and it got fixed as a result (I vaguely remember
    that emacs already had code to deal with it for other archs/oses, just
    ifdeffed wrongly).
    
    It's a rare and wrong assumption as a general thing, just on x86 it mostly
    happened to be true (but to be honest, it'll break too if gcc does
    something fancy or if the linker does a non-standard order).  Still it's
    something we should at least document.
    
    Note 2: afaik it only broke the emacs *build*.  I'm not 100% sure about that
    (it IS 5 years ago) though.
    
    [ akpm@linux-foundation.org: deuglification ]
    Signed-off-by: Jiri Kosina <jkosina@suse.cz>
    Cc: Arjan van de Ven <arjan@infradead.org>
    Cc: Roland McGrath <roland@redhat.com>
    Cc: Jakub Jelinek <jakub@redhat.com>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Ingo Molnar <mingo@elte.hu>
    Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
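To make the assumption the commit message talks about concrete, here is an added example (not part of the kernel commit or of emacs) that compares the end of a process's static data with where its heap actually begins. It assumes Linux with a GNU or LLVM toolchain (the linker-provided `end` symbol and glibc/musl `sbrk(0)`); `classify_brk_start`, `observed_brk_gap`, `PAGE` and `BRK_RANDOM_WINDOW` are names chosen for this example.

```c
#define _DEFAULT_SOURCE            /* expose sbrk() under strict -std modes */
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>
void *sbrk(intptr_t increment);    /* declared explicitly in case the header hides it */

/* End of .bss as provided by the GNU/LLVM default linker script (Linux). */
extern char end[];

/* Offset named in the commit message; newer kernels may use a wider window. */
#define BRK_RANDOM_WINDOW 0x02000000UL
#define PAGE 4096UL

/* Classify where the heap start lies relative to the end of static data.
 * Returns 0 when the heap begins on the page right after .bss (the layout the
 * old emacs dumper assumed; the kernel always page-aligns the initial brk),
 * 1 when it has been pushed up by at most `window` bytes (randomized brk),
 * 2 when it lies below .bss or beyond the window (some other placement). */
int classify_brk_start(uintptr_t bss_end, uintptr_t brk_start,
                       uintptr_t page, uintptr_t window) {
    if (brk_start < bss_end)
        return 2;
    uintptr_t gap = brk_start - bss_end;
    if (gap < page)
        return 0;
    return gap <= window ? 1 : 2;
}

/* Distance in bytes from the end of .bss to the current program break.
 * Note: the C library may already have grown the break via malloc before main(). */
long observed_brk_gap(void) {
    return (long)((uintptr_t)sbrk(0) - (uintptr_t)end);
}

int main(void) {
    uintptr_t brk_now = (uintptr_t)sbrk(0);
    printf("end of .bss: %p  program break: %p  gap: %ld bytes\n",
           (void *)end, (void *)brk_now, observed_brk_gap());
    switch (classify_brk_start((uintptr_t)end, brk_now, PAGE, BRK_RANDOM_WINDOW)) {
    case 0:  puts("heap adjacent to .bss: the old emacs assumption would hold"); break;
    case 1:  puts("heap start shifted inside the 0x02000000 window: assumption breaks"); break;
    default: puts("heap start outside the window: other placement or wider randomization"); break;
    }
    return 0;
}
```

Run it several times: under brk randomization the gap changes from run to run, which is exactly what a dumper that equates "last static variable" with "start of heap" cannot tolerate.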