Bug 12363 - CONFIG_RANDOMIZE_BASE is disabled on aarch64
Status: CLOSED FIXED
Alias: None
Product: IPFire
Classification: Unclassified
Component: ---
Version: 2
Hardware: unspecified All
Importance: Will only affect a few users Security
Assignee: Peter Müller
QA Contact: Arne.F
Blocks: KERNSEC
Reported: 2020-04-14 15:17 UTC by Peter Müller
Modified: 2022-09-16 09:23 UTC

Description Peter Müller 2020-04-14 15:17:42 UTC
Quote from https://capsule8.com/blog/kernel-configuration-glossary/:

> Significance: Critical
>
> In support of Kernel Address Space Layout Randomization (KASLR) this randomizes
> the physical address at which the kernel image is decompressed and the virtual
> address where the kernel image is mapped as a security feature that deters
> exploit attempts relying on knowledge of the location of kernel code internals.

IMHO this is safe to be enabled on any architecture.
Comment 1 Peter Müller 2020-06-07 16:49:58 UTC
Patch for aarch64: https://patchwork.ipfire.org/patch/3162/
Comment 2 Peter Müller 2020-06-07 16:50:41 UTC
@Arne: Since I am not sure about enabling this on armv5tel, I would like to assign this bug to you.
Comment 3 Peter Müller 2020-06-09 17:20:11 UTC
Patch for armv5tel: https://patchwork.ipfire.org/patch/3172/
Comment 6 Arne.F 2022-08-02 15:45:43 UTC
Short test on an RPi3 works now.
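
One way to verify the setting this bug tracks on a given build, as an added example that is not part of the original bug report or IPFire's own code: the function reads a kernel config (plain or gzip-compressed) and a kernel command line and reports whether `CONFIG_RANDOMIZE_BASE` is built in. The function name `kaslr_status`, its output labels and the sample files are assumptions made for illustration, and the `nokaslr` boot parameter check goes beyond what the thread discusses.

```shell
#!/bin/sh
# Added example: report whether KASLR is built in and not switched off at boot.
# Usage: kaslr_status <kernel-config> [<cmdline-file>]
# Prints: enabled | nokaslr | not-set | absent | unreadable
kaslr_status() {
    config=$1
    cmdline=${2:-/proc/cmdline}
    [ -r "$config" ] || { echo unreadable; return 0; }
    # /proc/config.gz is gzip-compressed; /boot/config-* is plain text.
    case $config in
        *.gz) text=$(gzip -dc "$config") ;;
        *)    text=$(cat "$config") ;;
    esac
    if printf '%s\n' "$text" | grep -qx 'CONFIG_RANDOMIZE_BASE=y'; then
        # Built in, but the "nokaslr" boot parameter turns it off at runtime.
        if [ -r "$cmdline" ] &&
           tr -s ' \t' '\n\n' < "$cmdline" | grep -qx 'nokaslr'; then
            echo nokaslr
        else
            echo enabled
        fi
    elif printf '%s\n' "$text" | grep -qx '# CONFIG_RANDOMIZE_BASE is not set'; then
        # The option exists for this architecture but was left disabled.
        echo not-set
    else
        # The option does not appear in this config at all.
        echo absent
    fi
    return 0
}

# Constructed sample inputs (not taken from any IPFire build).
demo=$(mktemp -d)
printf '%s\n' 'CONFIG_ARM64=y' 'CONFIG_RANDOMIZE_BASE=y' > "$demo/on.config"
printf '%s\n' 'CONFIG_ARM64=y' '# CONFIG_RANDOMIZE_BASE is not set' > "$demo/off.config"
printf '%s\n' 'console=ttyAMA0 root=/dev/mmcblk0p2 rootwait' > "$demo/cmdline.ok"
printf '%s\n' 'console=ttyAMA0 nokaslr root=/dev/mmcblk0p2' > "$demo/cmdline.nokaslr"

for c in on.config off.config; do
    for l in cmdline.ok cmdline.nokaslr; do
        echo "$c + $l: $(kaslr_status "$demo/$c" "$demo/$l")"
    done
done
rm -rf "$demo"
```

On a running system the inputs would typically be `/proc/config.gz` (when the kernel exposes it) or the config file shipped with the kernel, together with `/proc/cmdline`.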