On Mon 05-10-20 11:11:35, Topi Miettinen wrote: [...] > I think hardened, security oriented systems should disable brk() completely > because it will increase the randomization of the process address space > (ASLR). This wouldn't be a good option to enable for systems where maximum > compatibility with legacy software is more important than any hardening. I believe we already do have means to filter syscalls from userspace for security hardened environements. Or is there any reason to duplicate that and control during the configuration time? -- Michal Hocko SUSE Labs
