[CentOS-devel] Need info about kernel file "randomize_va_space"
Maheshwari, Shagun
Shagun.Maheshwari at Harman.com
Fri Jun 28 10:25:52 UTC 2019
Hi,
>> The file "/proc/sys/kernel/randomize_va_space" has write permission for user as below:
>> [root at shagun ~]# ls -lrtZ /proc/sys/kernel/randomize_va_space
>> rw-r--r--. root root system_u:object_r:proc_security_t:s0 /proc/sys/kernel/randomize_va_space
>>
>> If we want to change this permission to read only permission for the user. Is it possible?
>>
>> And i found the code also:
>>
>> kernel/sysctl.c @@ -1130,7 +1130,11 @@ static struct ctl_table kern_table[] = { .procname = "randomize_va_space", .data = &randomize_va_space, .maxlen = sizeof(int), +#ifdef CONFIG_ASLR_SYSCTL_READ_ONLY + .mode = 0444, +#else .mode = 0644, +#endif
>>
>> Can we make it as 0444, currently randomize_va_space is 644?
> Any changes to the kernel should be requested through
> https://clicktime.symantec.com/3KpmXJbD9xEqbGPHpBNCtpd7Vc?u=https%3A%2F%2Fbugzilla.redhat.com%2F for RHEL7's kernel package.
> Why do you want root to not be able to write to that sysctl? Do you
> not want it to be able to be modified?
Because While running dASLR tool, "randomize_va_space unconfigurable" test in "Kernel Check" is FAILED.
As per support for dASLR tool, "randomize_va_space_unconfigurable" fail means that "/proc/sys/kernel/randomize_va_space" has write permission.
Regards,
Shagun
More information about the CentOS-devel
mailing list