← Back to team overview

documentation-packages team mailing list archive

[Bug 1912614] Re: kASLR incorrectly described as disabled by default in Security/Features


Thanks for the corrections, lo-na-aleim. We've updated the wiki page to
reflect the KASLR features as they stand currently.

This wiki page is programmatically constructed: hand edits wouldn't
survive in the long run.

Note that the /proc/sys/kernel/randomize_va_space controls whether or
not the brk address space within userspace processes should be
randomized. Quoting from the Linux kernel source file init/Kconfig:

          Randomizing heap placement makes heap exploits harder, but it
          also breaks ancient binaries (including anything libc5 based).
          This option changes the bootup default to heap randomization
          disabled, and can be overridden at runtime by setting
          /proc/sys/kernel/randomize_va_space to 2.

I don't know off-hand a reliable programmatic tool available to
determine that the kernel has booted into a randomized base location, or
whether it randomizes memory slabs, etc. The /boot/config* files by
convention show the configuration of the kernel, but local
administrators may not observe this convention if they replace the


** Changed in: ubuntu-docs (Ubuntu)
       Status: New => Fix Released

You received this bug notification because you are a member of
Documentation Packages, which is subscribed to ubuntu-docs in Ubuntu.

  kASLR incorrectly described as disabled by default in

Status in ubuntu-docs package in Ubuntu:
  Fix Released

Bug description:
  According to: https://wiki.ubuntu.com/Security/Features kASLR is disabled by default. Additionally,
  it is reported that enabling kASLR will disable the ability to hibernate.

  I think that this is no longer true, but I don't want to edit the wiki without clarifying some details.
  I discovered the active kASRL when I spun up a qemu vm with Ubuntu 20.04, all defaults and ran volatility3 on a memory dump. On the vm itself the kernel params do not mention kASLR / Kernel hardening:

  cat /proc/cmdline
  BOOT_IMAGE=/boot/vmlinuz-5.4.0-58-generic root=UUID=eb6426f9-969b-4ce8-a690-ef87e410d5bf ro quiet splash vt.handoff=7

  I also found this somewhere as a supposedly reliable way to tell if kASLR is on:
  cat /proc/sys/kernel/randomize_va_space

  I asked a colleague who runs his ubuntu 20.04 directly on his laptop
  for his cmdline and randomize_va_space, same results. He said he did
  not knowingly touch any settings regarding kASLR.

  Now, it seems like at some point kASLR became on by default. But I am
  not really sure whether it still affects hibernation? I can't find
  anything reliable on the wiki. My colleague is not sure whether he
  disabled hibernation for different reasons or whether it was disabled
  in the first place and I don't want to use my vm as reference, since
  its not necessarily a "typical environment".

  Note, the answers here should be updated as well, since checking the
  kernel params will no longer be reliable.

To manage notifications about this bug go to: