Commit a747091c authored by intrigeri

Increase mmap randomization to the maximum supported value (refs: #11840).

This improves ASLR effectiveness, and makes address-space fragmentation
a bit worse.
parent 6f1bd224
vm.mmap_rnd_bits=32
vm.mmap_rnd_compat_bits=16
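Review bot: Both values are hard-coded with no comment in the file saying which kernel they are the maximum for. The accepted range of `vm.mmap_rnd_bits` and `vm.mmap_rnd_compat_bits` is architecture dependent (32 and 16 are the x86-64 limits), and the kernel rejects a write outside that range, leaving the default in place. Consider adding a comment line above the settings naming the architecture these maxima apply to, and checking at build or test time that `sysctl vm.mmap_rnd_bits` reads back 32 on the running image.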
......@@ -93,3 +93,10 @@ kernel address map from some external source. This is not hard, but
certainly not all malware has such functionality.
For this reason, we also make sure to purge `/boot/System.map`.
#### `vm.mmap_rnd_bits`, `vm.mmap_rnd_compat_bits`
These settings are
[[!tails_gitweb config/chroot_local-includes/etc/sysctl.d/mmap_aslr.conf desc="set to the maximum supported value"]]
in order to improve ASLR effectiveness for mmap, at the cost of
increased address-space fragmentation.
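Review bot: Missing documentation in the new `vm.mmap_rnd_bits`, `vm.mmap_rnd_compat_bits` section: it says the settings are "set to the maximum supported value" but never states the values, so a reader has to follow the gitweb link to learn they are 32 and 16. Suggest giving the numbers inline and noting that they are the maximum for the kernel architecture in use, so the design doc stays accurate if the config file or the supported architectures change.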