Increase mmap randomization to the maximum supported value
There are now two sysctls which can be used to tweak the amount of randomization for mmap calls. The defaults are 28 bits for 64-bit binaries, and a mere 8 bits for 32-bit binaries. These can be increased to 32 bits and 16 bits, respectively, via the vm.mmap_rnd_bits and vm.mmap_rnd_compat_bits sysctls.
This change won’t cause any incompatibility issues. The only reason the default is lower than the maximum is to be very conservative to reduce address space fragmentation, which isn’t going to be an issue for Tails users.
More information about the sysctls:
https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1040995.html
Feature Branch: feature/11840-improve-aslr-for-mmap
Related issues
- Related to #11886 (closed)
- Blocks #13234 (closed)
Original created by @cypherpunks on 11840 (Redmine)
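
A check for the two sysctls named in this ticket, as an added example that is not part of the original ticket or of the Tails code base. The function names and the optional directory argument are hypothetical; the targets are the 32-bit and 16-bit values quoted above.

```shell
#!/bin/sh
# Added example (not from the ticket): audit the two mmap ASLR sysctls.
# Targets are the maximums quoted in the ticket text.
WANT_NATIVE=32   # vm.mmap_rnd_bits, 64-bit binaries
WANT_COMPAT=16   # vm.mmap_rnd_compat_bits, 32-bit binaries

# check_one NAME WANT DIR REQUIRED -> 0 if the value meets WANT, 1 otherwise.
check_one() {
    name=$1 want=$2 file="$3/$1" required=$4
    if [ ! -r "$file" ]; then
        # Assumption: a missing compat sysctl means the kernel exposes no
        # 32-bit knob to tune, so it is reported but not counted as a failure.
        echo "vm.$name: not present"
        [ "$required" = yes ] && return 1
        return 0
    fi
    have=$(cat "$file")
    case $have in
        ''|*[!0-9]*) echo "vm.$name: unparsable value '$have'"; return 1 ;;
    esac
    if [ "$have" -lt "$want" ]; then
        echo "vm.$name: $have bits, below target $want"
        return 1
    fi
    echo "vm.$name: $have bits, ok"
}

# audit_mmap_rnd [DIR]: DIR defaults to the live /proc/sys/vm; passing a
# directory of constructed files (hypothetical parameter) allows offline tests.
audit_mmap_rnd() {
    dir=${1:-/proc/sys/vm}
    rc=0
    check_one mmap_rnd_bits "$WANT_NATIVE" "$dir" yes || rc=1
    check_one mmap_rnd_compat_bits "$WANT_COMPAT" "$dir" no || rc=1
    return $rc
}

# print_fragment: sysctl.d-style lines that would persist the target values.
print_fragment() {
    printf 'vm.mmap_rnd_bits = %s\n' "$WANT_NATIVE"
    printf 'vm.mmap_rnd_compat_bits = %s\n' "$WANT_COMPAT"
}

# Live check: on a shortfall, show the lines to place in a file under /etc/sysctl.d/.
audit_mmap_rnd || { echo "suggested sysctl.d fragment:"; print_fragment; }
```

The maximum the kernel accepts depends on the architecture and configuration, so a write of 32 or 16 can be rejected on platforms other than the one the ticket has in mind.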