documentation-packages team mailing list archive

Thread
Date

[Bug 1912614] Re: kASLR incorrectly described as disabled by default in Security/Features

To: documentation-packages@xxxxxxxxxxxxxxxxxxx
From: Seth Arnold <1912614@xxxxxxxxxxxxxxxxxx>
Date: Fri, 22 Jan 2021 02:43:18 -0000
Reply-to: Bug 1912614 <1912614@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Thanks for the corrections, lo-na-aleim. We've updated the wiki page to
reflect the KASLR features as they stand currently.

This wiki page is programmatically constructed: hand edits wouldn't
survive in the long run.

Note that the /proc/sys/kernel/randomize_va_space controls whether or
not the brk address space within userspace processes should be
randomized. Quoting from the Linux kernel source file init/Kconfig:

Randomizing heap placement makes heap exploits harder, but it
also breaks ancient binaries (including anything libc5 based).
This option changes the bootup default to heap randomization
disabled, and can be overridden at runtime by setting
/proc/sys/kernel/randomize_va_space to 2.

I don't know off-hand a reliable programmatic tool available to
determine that the kernel has booted into a randomized base location, or
whether it randomizes memory slabs, etc. The /boot/config* files by
convention show the configuration of the kernel, but local
administrators may not observe this convention if they replace the
kernel.

Thanks

** Changed in: ubuntu-docs (Ubuntu)
Status: New => Fix Released

--
You received this bug notification because you are a member of
Documentation Packages, which is subscribed to ubuntu-docs in Ubuntu.
https://bugs.launchpad.net/bugs/1912614

Title:
kASLR incorrectly described as disabled by default in
Security/Features

Status in ubuntu-docs package in Ubuntu:
Fix Released

Bug description:
According to: https://wiki.ubuntu.com/Security/Features kASLR is disabled by default. Additionally,
it is reported that enabling kASLR will disable the ability to hibernate.

I think that this is no longer true, but I don't want to edit the wiki without clarifying some details.
I discovered the active kASRL when I spun up a qemu vm with Ubuntu 20.04, all defaults and ran volatility3 on a memory dump. On the vm itself the kernel params do not mention kASLR / Kernel hardening:

cat /proc/cmdline
BOOT_IMAGE=/boot/vmlinuz-5.4.0-58-generic root=UUID=eb6426f9-969b-4ce8-a690-ef87e410d5bf ro quiet splash vt.handoff=7

I also found this somewhere as a supposedly reliable way to tell if kASLR is on:
cat /proc/sys/kernel/randomize_va_space
2

I asked a colleague who runs his ubuntu 20.04 directly on his laptop
for his cmdline and randomize_va_space, same results. He said he did
not knowingly touch any settings regarding kASLR.

Now, it seems like at some point kASLR became on by default. But I am
not really sure whether it still affects hibernation? I can't find
anything reliable on the wiki. My colleague is not sure whether he
disabled hibernation for different reasons or whether it was disabled
in the first place and I don't want to use my vm as reference, since
its not necessarily a "typical environment".

Note, the answers here should be updated as well, since checking the
kernel params will no longer be reliable.
https://askubuntu.com/questions/704640/how-to-detect-in-runtime-is-
kaslr-enabled-or-disabled

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-docs/+bug/1912614/+subscriptions

References

[Bug 1912614] [NEW] kASLR incorrectly described as disabled by default in Security/Features
From: lo-na-aleim, 2021-01-21