> There are currently other issues. Try: > > sysctl vm.mmap_rnd_bits=32 > sysctl vm.mmap_rnd_compat_bits=16 > > IIRC that breaks some sanitizers at least for 32-bit executables. Also, stack mapping rand isn't yet tied to that sysctl but is rather hard-wired to 11 bits on 32-bit and 20 bits (IIRC) on 64-bit. Once it's tied to the sysctl (or a different sysctl, if keeping the same defaults is desired) that will be able to use significantly more address space. It might be setting it to the maximum + better stack rand that breaks sanitizers, rather than just setting the entropy higher. If anyone wants to test some other changes though... https://github.com/copperhead/linux-hardened/commit/31ebed471d31a437cc551b1bfae03c9e7f58117d.patch https://github.com/copperhead/linux-hardened/commit/073329e7b541b89172833f61fb84d81f32389d6e.patch They haven't been submitted for inclusion upstream, but that's the plan: reaching parity with the ASLR PaX has provided for years when the entropy values are set to max. -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@xxxxxxxxx. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: <a href=mailto:"dont@xxxxxxxxx"> email@xxxxxxxxx </a>