documentation-packages team mailing list archive

Thread
Date

[Bug 1912614] Re: kASLR incorrectly described as disabled by default in Security/Features

To: documentation-packages@xxxxxxxxxxxxxxxxxxx
From: Gunnar Hjalmarsson <1912614@xxxxxxxxxxxxxxxxxx>
Date: Fri, 22 Jan 2021 13:32:02 -0000
Reply-to: Bug 1912614 <1912614@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

On 2021-01-22 14:09, lo-na-aleim wrote:
> Sorry for reaching out in the wrong place.

No problem.

> I guess the right place for this would have been the mailing list?

Yeah, maybe..

> I started from:
> https://wiki.ubuntu.com/DocumentationTeam/SystemDocumentation Section
> "How can I help?" gave me the impression that Proof-reading and
> continuing with "Send in a bug report"
> (https://help.ubuntu.com/community/ReportingBugs) was the way of
> communicating errors in the wiki.

TBH the information about how to point out errors in or discuss various
sets of documentation leaves room for improvement. Hopefully we'll find
the resources to do something about that going forward.

-- 
You received this bug notification because you are a member of
Documentation Packages, which is subscribed to ubuntu-docs in Ubuntu.
https://bugs.launchpad.net/bugs/1912614

Title:
  kASLR incorrectly described as disabled by default in
  Security/Features

Status in ubuntu-docs package in Ubuntu:
  Fix Released

Bug description:
  According to: https://wiki.ubuntu.com/Security/Features kASLR is disabled by default. Additionally,
  it is reported that enabling kASLR will disable the ability to hibernate.

  I think that this is no longer true, but I don't want to edit the wiki without clarifying some details.
  I discovered the active kASRL when I spun up a qemu vm with Ubuntu 20.04, all defaults and ran volatility3 on a memory dump. On the vm itself the kernel params do not mention kASLR / Kernel hardening:

  cat /proc/cmdline
  BOOT_IMAGE=/boot/vmlinuz-5.4.0-58-generic root=UUID=eb6426f9-969b-4ce8-a690-ef87e410d5bf ro quiet splash vt.handoff=7

  I also found this somewhere as a supposedly reliable way to tell if kASLR is on:
  cat /proc/sys/kernel/randomize_va_space
  2

  I asked a colleague who runs his ubuntu 20.04 directly on his laptop
  for his cmdline and randomize_va_space, same results. He said he did
  not knowingly touch any settings regarding kASLR.

  Now, it seems like at some point kASLR became on by default. But I am
  not really sure whether it still affects hibernation? I can't find
  anything reliable on the wiki. My colleague is not sure whether he
  disabled hibernation for different reasons or whether it was disabled
  in the first place and I don't want to use my vm as reference, since
  its not necessarily a "typical environment".

  Note, the answers here should be updated as well, since checking the
  kernel params will no longer be reliable.
  https://askubuntu.com/questions/704640/how-to-detect-in-runtime-is-
  kaslr-enabled-or-disabled

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-docs/+bug/1912614/+subscriptions

References

[Bug 1912614] [NEW] kASLR incorrectly described as disabled by default in Security/Features
From: lo-na-aleim, 2021-01-21