← Back to team overview

kernel-packages team mailing list archive

[Bug 1573848] [NEW] KASLR should be enabled by default (x86)

 

Public bug reported:

Kernel Address Space Layout Randomization (KASLR) can make it harder to
accomplish kernel security vulnerability exploits, especially during
remote attacks or attacks from containers. On x86, KASLR has a run-time
conflict with Hibernation, and currently the kernel selects Hibernation
instead of KASLR unless the "kaslr" kernel command line option is given
at boot time. Since the Unity desktop disabled access to Hibernation by
default and cloud images don't use Hibernation, it would make sense to
make KASLR enabled by default on Ubuntu. Those wishing to use
Hibernation could just provide the "nokaslr" kernel command line option
to flip the preference back.

A patch to implement this already exists:
https://lkml.org/lkml/2016/4/6/637

** Affects: linux (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: patch

** Tags added: patch

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1573848

Title:
  KASLR should be enabled by default (x86)

Status in linux package in Ubuntu:
  New

Bug description:
  Kernel Address Space Layout Randomization (KASLR) can make it harder
  to accomplish kernel security vulnerability exploits, especially
  during remote attacks or attacks from containers. On x86, KASLR has a
  run-time conflict with Hibernation, and currently the kernel selects
  Hibernation instead of KASLR unless the "kaslr" kernel command line
  option is given at boot time. Since the Unity desktop disabled access
  to Hibernation by default and cloud images don't use Hibernation, it
  would make sense to make KASLR enabled by default on Ubuntu. Those
  wishing to use Hibernation could just provide the "nokaslr" kernel
  command line option to flip the preference back.

  A patch to implement this already exists:
  https://lkml.org/lkml/2016/4/6/637

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1573848/+subscriptions


Follow ups