Re: [PATCH] mm: optionally disable brk()

On 5.10.2020 11.22, Michal Hocko wrote:
> On Mon 05-10-20 11:11:35, Topi Miettinen wrote:
> [...]
>> I think hardened, security oriented systems should disable brk() completely
>> because it will increase the randomization of the process address space
>> (ASLR). This wouldn't be a good option to enable for systems where maximum
>> compatibility with legacy software is more important than any hardening.
>
> I believe we already do have means to filter syscalls from userspace for
> security hardened environments. Or is there any reason to duplicate
> that and control during the configuration time?

This is true, but seccomp can't be used for cases where NoNewPrivileges can't be enabled (setuid/setgid binaries present, which sadly is still often the case even in otherwise hardened systems), so it's typically not possible to install a filter for the whole system.

-Topi



