On Thu, 2010-07-15 at 17:18 +0100, Radoslaw Madej wrote:
> Package: linux-2.6
> Version: 2.6.26-24
> Severity: normal
>
> Hi,
> When running the latest stable Debian kernel the base address of a heap is not randomised regardless of the
> setting for randomize_va_space (it is set to 2 by default). This can be observed by using a simple .c
> program (below) or using the paxtest suite available from here:
> http://grsecurity.net/~spender/paxtest-0.9.9.tgz

Good spot. At the point where heap randomisation should be done,
PF_RANDOMIZE has been cleared. This seems to be a regression due to the
fix for CVE-2010-0307. We need to apply the follow-up patch:

commit 7ab02af428c2d312c0cf8fb0b01cc1eb21131a3d
Author: Linus Torvalds <torvalds@linux-foundation.org>
Date: Tue Feb 2 12:37:44 2010 -0800

    Fix 'flush_old_exec()/setup_new_exec()' split

Ben.

--
Ben Hutchings
Once a job is fouled up, anything done to improve it makes it worse.
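
A way to run the check the report describes, as an added example that is not part of the original thread and is not the reporter's program: it reads one or more concatenated /proc/<pid>/maps dumps on stdin and reports whether the `[heap]` base differs between runs. The function names and the sample map lines are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Store the start address of every "[heap]" line found in text (one or more
   concatenated /proc/<pid>/maps dumps); returns how many were stored. */
size_t heap_bases(const char *text, unsigned long *out, size_t max)
{
    size_t n = 0;
    for (const char *line = text; line && *line && n < max; ) {
        const char *eol = strchr(line, '\n');
        size_t len = eol ? (size_t)(eol - line) : strlen(line);
        if (len >= 6 && memcmp(line + len - 6, "[heap]", 6) == 0)
            out[n++] = strtoul(line, NULL, 16);
        line = eol ? eol + 1 : NULL;
    }
    return n;
}

/* Number of distinct values in v[0..n); 1 means the base never moved. */
size_t distinct(const unsigned long *v, size_t n)
{
    size_t count = 0;
    for (size_t i = 0; i < n; i++) {
        size_t j = 0;
        while (j < i && v[j] != v[i])
            j++;
        count += (j == i);
    }
    return count;
}

/* Constructed samples, not captured from a real system: two runs each. */
const char FIXED[] = "0804a000-0806b000 rw-p 00000000 00:00 0 [heap]\n"
                     "0804a000-0806b000 rw-p 00000000 00:00 0 [heap]\n";
const char MOVED[] = "09d31000-09d52000 rw-p 00000000 00:00 0 [heap]\n"
                     "08f4c000-08f6d000 rw-p 00000000 00:00 0 [heap]\n";

int main(void)
{
    static char buf[1 << 20];
    unsigned long base[64];
    buf[fread(buf, 1, sizeof buf - 1, stdin)] = '\0';
    size_t n = heap_bases(buf, base, 64), d = distinct(base, n);
    if (n < 2)
        return 2;   /* need [heap] lines from at least two runs */
    printf("%zu runs, %zu distinct heap bases: heap base %s\n", n, d,
           d == 1 ? "NOT randomised" : "randomised");
    return d == 1;
}
```

Feed it several dumps from fresh processes, for example `for i in 1 2 3 4; do cat /proc/self/maps; done | ./heapcheck` (the binary name is hypothetical); exit status 1 means every run had the same heap base.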