
Increase mmap randomization to the maximum supported value

There are now two sysctls which can be used to tweak the amount of randomization for mmap calls. The defaults are 28 bits for 64-bit binaries, and a mere 8 bits for 32-bit binaries. These can be increased to 32 bits and 16 bits, respectively, via the vm.mmap_rnd_bits and vm.mmap_rnd_compat_bits sysctls.

This change won’t cause any incompatibility issues. The only reason the default is lower than the maximum is to be very conservative to reduce address space fragmentation, which isn’t going to be an issue for Tails users.

More information about the sysctls:
https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1040995.html

Feature Branch: feature/11840-improve-aslr-for-mmap


Original created by @cypherpunks on 11840 (Redmine)
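
An added example, not part of the original issue or of the Tails code base: a POSIX shell audit that compares the two sysctls named above with the targets quoted in the issue (32 and 16) and, when a value is too low, prints a sysctl.d fragment that sets them. The function names, the `--audit` flag and the overridable sysctl root are assumptions of this example.

```shell
#!/bin/sh
# Targets are the maxima quoted in the issue; other architectures may expose
# different maxima, so treat these numbers as assumptions for x86_64.
WANT_NATIVE=32
WANT_COMPAT=16

# check_key ROOT NAME WANT: 0 if the key meets WANT or is absent,
# 1 if it is lower, 2 if the content is not a plain number.
check_key() {
    file="$1/vm/$2"
    if [ ! -r "$file" ]; then
        # The kernel may not expose the key (for example no compat support).
        echo "SKIP  $2: not present"
        return 0
    fi
    cur=$(cat "$file")
    case "$cur" in
        ''|*[!0-9]*) echo "ERROR $2: unexpected value '$cur'"; return 2 ;;
    esac
    if [ "$cur" -ge "$3" ]; then
        echo "OK    $2 = $cur"
        return 0
    fi
    echo "LOW   $2 = $cur (want $3)"
    return 1
}

# check_mmap_rnd [ROOT]: 0 only if every key that is present meets its target.
# ROOT defaults to /proc/sys; pass another directory to audit a captured tree.
check_mmap_rnd() {
    root="${1:-/proc/sys}"
    rc=0
    check_key "$root" mmap_rnd_bits "$WANT_NATIVE" || rc=1
    check_key "$root" mmap_rnd_compat_bits "$WANT_COMPAT" || rc=1
    return "$rc"
}

# print_dropin: sysctl.d fragment that applies the targets at boot.
print_dropin() {
    printf 'vm.mmap_rnd_bits = %s\nvm.mmap_rnd_compat_bits = %s\n' \
        "$WANT_NATIVE" "$WANT_COMPAT"
}

# Audit the running kernel only when asked to, so sourcing has no side effects.
if [ "${1:-}" = "--audit" ]; then
    check_mmap_rnd /proc/sys || print_dropin
fi
```
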
