34 lines
1.4 KiB
Diff
34 lines
1.4 KiB
Diff
From 6dada600ab3579296c9b2b57cf41b95792f021ed Mon Sep 17 00:00:00 2001
|
|
From: "Jan Alexander Steffens (heftig)" <heftig@archlinux.org>
|
|
Date: Sat, 13 Jan 2024 15:29:25 +0100
|
|
Subject: arch/Kconfig: Default to maximum amount of ASLR bits
|
|
|
|
To mitigate CVE-2024-26621 and improve randomization quality further. Do
|
|
this with a patch to avoid having to enable `CONFIG_EXPERT`.
|
|
|
|
Cherry-picked-for: https://zolutal.github.io/aslrnt/
|
|
---
|
|
arch/Kconfig | 4 ++--
|
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
|
|
|
--- a/arch/Kconfig
|
|
+++ b/arch/Kconfig
|
|
@@ -1137,7 +1137,7 @@ config ARCH_MMAP_RND_BITS
|
|
int "Number of bits to use for ASLR of mmap base address" if EXPERT
|
|
range ARCH_MMAP_RND_BITS_MIN ARCH_MMAP_RND_BITS_MAX
|
|
default ARCH_MMAP_RND_BITS_DEFAULT if ARCH_MMAP_RND_BITS_DEFAULT
|
|
- default ARCH_MMAP_RND_BITS_MIN
|
|
+ default ARCH_MMAP_RND_BITS_MAX
|
|
depends on HAVE_ARCH_MMAP_RND_BITS
|
|
help
|
|
This value can be used to select the number of bits to use to
|
|
@@ -1171,7 +1171,7 @@ config ARCH_MMAP_RND_COMPAT_BITS
|
|
int "Number of bits to use for ASLR of mmap base address for compatible applications" if EXPERT
|
|
range ARCH_MMAP_RND_COMPAT_BITS_MIN ARCH_MMAP_RND_COMPAT_BITS_MAX
|
|
default ARCH_MMAP_RND_COMPAT_BITS_DEFAULT if ARCH_MMAP_RND_COMPAT_BITS_DEFAULT
|
|
- default ARCH_MMAP_RND_COMPAT_BITS_MIN
|
|
+ default ARCH_MMAP_RND_COMPAT_BITS_MAX
|
|
depends on HAVE_ARCH_MMAP_RND_COMPAT_BITS
|
|
help
|
|
This value can be used to select the number of bits to use to
|