brk randomization: introduce CONFIG_COMPAT_BRK based on similar patch from: Pavel Machek <pavel@ucw.cz> Introduce CONFIG_COMPAT_BRK. If disabled then the kernel is free (but not obliged to) randomize the brk area. Heap randomization breaks ancient binaries, so we keep COMPAT_BRK enabled by default. Signed-off-by: Ingo Molnar <mingo@elte.hu>

commit: 32a932332c8bad842804842eaf9651ad6268e637 [log] [tgz]
author: Ingo Molnar <mingo@elte.hu> Wed Feb 06 22:39:44 2008 +0100
committer: Ingo Molnar <mingo@elte.hu> Wed Feb 06 22:39:44 2008 +0100
tree: 58f187409029f089f788c5c35ad5c200b4a555af
parent: 4cc6028d4040f95cdb590a87db478b42b8be0508 [diff] [blame]
diff --git a/init/Kconfig b/init/Kconfig
index 87f50df..92b23e2 100644
--- a/init/Kconfig
+++ b/init/Kconfig

@@ -541,6 +541,18 @@
 	help
 	  Enable support for generating core dumps. Disabling saves about 4k.
 
+config COMPAT_BRK
+	bool "Disable heap randomization"
+	default y
+	help
+	  Randomizing heap placement makes heap exploits harder, but it
+	  also breaks ancient binaries (including anything libc5 based).
+	  This option changes the bootup default to heap randomization
+	  disabled, and can be overriden runtime by setting
+	  /proc/sys/kernel/randomize_va_space to 2.
+
+	  On non-ancient distros (post-2000 ones) Y is usually a safe choice.
+
 config BASE_FULL
 	default y
 	bool "Enable full-sized data structures for core" if EMBEDDED
commit	32a932332c8bad842804842eaf9651ad6268e637	[log] [tgz]
author	Ingo Molnar <mingo@elte.hu>	Wed Feb 06 22:39:44 2008 +0100
committer	Ingo Molnar <mingo@elte.hu>	Wed Feb 06 22:39:44 2008 +0100
tree	58f187409029f089f788c5c35ad5c200b4a555af
parent	4cc6028d4040f95cdb590a87db478b42b8be0508 [diff] [blame]