From: Sam James
To: David Hildenbrand
Cc: Michael McCracken, linux-kernel@vger.kernel.org, serge@hallyn.com, tycho@tycho.pizza, Luis Chamberlain, Kees Cook, Iurii Zaikin, Andrew Morton, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, kernel-hardening@lists.openwall.com
Subject: Re: [PATCH] sysctl: add config to make randomize_va_space RO
Date: Fri, 05 May 2023 08:46:41 +0100
Message-ID: <87pm7f9q3q.fsf@gentoo.org>
References: <20230504213002.56803-1-michael.mccracken@gmail.com>

David Hildenbrand writes:

> On 04.05.23 23:30, Michael McCracken wrote:
>> Add config RO_RANDMAP_SYSCTL to set the mode of the randomize_va_space
>> sysctl to 0444 to disallow all runtime changes. This will prevent
>> accidental changing of this value by a root service.
>> The config is disabled by default to avoid surprises.
>
> Can you elaborate why we care about "accidental changing of this value
> by a root service"?
>
> We cannot really stop root from doing a lot of stupid things (e.g.,
> erase the root fs), so why do we particularly care here?

(I'm really not defending the utility of this, fwiw).

In the past, I've seen fuzzing tools and other debuggers try to set it,
and it might be that an admin doesn't realise that. But they could easily
set other dangerous settings unsuitable for production, so...
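
Added example, not part of this thread or of the patch under discussion: a shell check for the situation described above, where a tool has changed randomize_va_space at runtime without the admin noticing. The function names are hypothetical, and the sysctl config files are assumed to be passed in the order they are applied, so the last assignment wins.

```shell
#!/bin/sh
# Added example: audit kernel.randomize_va_space for runtime drift.
# Paths are parameters so the check can be run on constructed files.

# Print the last kernel.randomize_va_space value assigned in the given
# sysctl config files; prints nothing if no file sets it.
configured_aslr() {
    [ $# -gt 0 ] || return 0
    cat "$@" 2>/dev/null | sed -n \
        's/^[[:space:]]*-\{0,1\}kernel[./]randomize_va_space[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*/\1/p' |
        tail -n 1
}

# audit_aslr PROC_FILE [CONF_FILE...]
# Prints one finding per line; returns 1 on WEAK or DRIFT, 2 if unreadable.
audit_aslr() {
    proc_file=$1; shift
    rc=0
    runtime=$(tr -d '[:space:]' < "$proc_file") || return 2
    wanted=$(configured_aslr "$@")

    # 2 is full randomization; 0 disables it, 1 leaves the heap (brk) fixed.
    if [ "$runtime" != 2 ]; then
        echo "WEAK: runtime value is $runtime, full randomization is 2"
        rc=1
    fi
    # Something changed the value after the boot-time config was applied.
    if [ -n "$wanted" ] && [ "$wanted" != "$runtime" ]; then
        echo "DRIFT: config sets $wanted, runtime is $runtime"
        rc=1
    fi
    # With mode 0444 (what the proposed config option sets) no write bit shows.
    perms=$(ls -ld "$proc_file" | cut -c2-10)
    case $perms in
        *w*) echo "INFO: permissions $perms allow runtime changes" ;;
    esac
    return $rc
}

# On a live system (constructed invocation; adjust the config paths):
# audit_aslr /proc/sys/kernel/randomize_va_space /etc/sysctl.d/*.conf /etc/sysctl.conf
```

Run from a periodic job, a DRIFT line points at a value that was changed after boot, which is the case a debugger or fuzzing harness leaves behind.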