trivial: doc: document missing value 2 for randomize-va-space

The documentation for /proc/sys/kernel/* does not mention the possible
value 2 for randomize-va-space yet.  While being there, doing some
reformatting, fixing grammar problems and clarifying the correlations
between randomize-va-space, kernel parameter "norandmaps" and the
CONFIG_COMPAT_BRK option.

Signed-off-by: Horst Schirmeier <horst@schirmeier.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
This commit is contained in:
Horst Schirmeier 2009-07-03 14:20:17 +02:00 committed by Jiri Kosina
parent 627df23c61
commit b7f5ab6fbb
1 changed files with 17 additions and 13 deletions

View File

@ -319,25 +319,29 @@ This option can be used to select the type of process address
space randomization that is used in the system, for architectures
that support this feature.
0 - Turn the process address space randomization off by default.
0 - Turn the process address space randomization off. This is the
default for architectures that do not support this feature anyways,
and kernels that are booted with the "norandmaps" parameter.
1 - Make the addresses of mmap base, stack and VDSO page randomized.
This, among other things, implies that shared libraries will be
loaded to random addresses. Also for PIE-linked binaries, the location
of code start is randomized.
loaded to random addresses. Also for PIE-linked binaries, the
location of code start is randomized. This is the default if the
CONFIG_COMPAT_BRK option is enabled.
With heap randomization, the situation is a little bit more
complicated.
There a few legacy applications out there (such as some ancient
2 - Additionally enable heap randomization. This is the default if
CONFIG_COMPAT_BRK is disabled.
There are a few legacy applications out there (such as some ancient
versions of libc.so.5 from 1996) that assume that brk area starts
just after the end of the code+bss. These applications break when
start of the brk area is randomized. There are however no known
non-legacy applications that would be broken this way, so for most
systems it is safe to choose full randomization. However there is
a CONFIG_COMPAT_BRK option for systems with ancient and/or broken
binaries, that makes heap non-randomized, but keeps all other
parts of process address space randomized if randomize_va_space
sysctl is turned on.
systems it is safe to choose full randomization.
Systems with ancient and/or broken binaries should be configured
with CONFIG_COMPAT_BRK enabled, which excludes the heap from process
address space randomization.
==============================================================