Hi,

...

The file "/proc/sys/kernel/randomize_va_space" has write permission for user as below: [root@shagun ~]# ls -lrtZ /proc/sys/kernel/randomize_va_space rw-r--r--. root root system_u:object_r:proc_security_t:s0 /proc/sys/kernel/randomize_va_space

If we want to change this permission to read only permission for the user. Is it possible?

And i found the code also:

kernel/sysctl.c @@ -1130,7 +1130,11 @@ static struct ctl_table kern_table[] = { .procname = "randomize_va_space", .data = &randomize_va_space, .maxlen = sizeof(int), +#ifdef CONFIG_ASLR_SYSCTL_READ_ONLY + .mode = 0444, +#else .mode = 0644, +#endif

Can we make it as 0444, currently randomize_va_space is 644?

Any changes to the kernel should be requested through https://clicktime.symantec.com/3KpmXJbD9xEqbGPHpBNCtpd7Vc?u=https%3A%2F%2Fbu... for RHEL7's kernel package.

Why do you want root to not be able to write to that sysctl? Do you not want it to be able to be modified?

Because While running dASLR tool, "randomize_va_space unconfigurable" test in "Kernel Check" is FAILED.

As per support for dASLR tool, "randomize_va_space_unconfigurable" fail means that "/proc/sys/kernel/randomize_va_space" has write permission.

Regards, Shagun