Kernel Tweaks: kernel.randomize_va_space

The purpose of this particular tunable is to make it harder for an exploit to find what it is looking for in memory.  It makes use of something called ASLR (Address Space Layout Randomization).  It attempts to randomise where memory is allocated for a process and for all the associated elements the process needs to run (e.g. shared libraries).

It can be set to one of three states:

  • 0 – Completely disabled
  • 1 – Partially enabled (does not provide complete protection)
  • 2 – Complete randomisation of memory allocation to processes

Now, I’m not going to pretend to know everything, but it should also be noted that processes will need to be compiled with the appropriate options set to allow them to function with memory being allocated in this way.

For a good explanation of what this covers and how to benefit from it see http://securityetalii.es/2013/02/03/how-effective-is-aslr-on-linux-systems/

For Fedora 22 this parameter is enabled and set to the value of “2”.

[toby@thebay ~]$ sudo sysctl kernel.randomize_va_space
kernel.randomize_va_space = 2
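
The live value alone does not show whether a sysctl configuration file will lower it at the next boot. The script below is an added example, not part of the original post: it maps the value to the three states listed above and compares the running value with the last one assigned in /etc/sysctl.d/*.conf and /etc/sysctl.conf. The function names, the sample configuration and the simplified file ordering are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit kernel.randomize_va_space, running vs. persisted.

# Map the numeric value to the three states listed above.
aslr_state() {
    case "$1" in
        0) echo "disabled" ;;
        1) echo "partial" ;;
        2) echo "full" ;;
        *) echo "unknown" ;;
    esac
}

# Print the last value assigned to the tunable in sysctl.conf-style input
# (files given as arguments, or stdin). Later assignments win. Accepts
# "key = value", the kernel/randomize_va_space spelling and a leading "-";
# skips blank lines and # or ; comments. Prints nothing if never set.
persisted_value() {
    cat -- "$@" 2>/dev/null | awk '
        /^[ \t]*[#;]/ || /^[ \t]*$/ { next }
        {
            split($0, kv, "=")
            key = kv[1]; val = kv[2]
            gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
            sub(/^-/, "", key); gsub(/\//, ".", key)
            if (key == "kernel.randomize_va_space") last = val
        }
        END { if (last != "") print last }'
}

# Succeeds only if ASLR is fully on now and nothing persisted lowers it.
# Assumption: an unset persisted value means the running value is kept.
audit_aslr() {
    echo "running:   $1 ($(aslr_state "$1"))"
    echo "persisted: ${2:-not set}"
    [ "$1" = 2 ] && [ "${2:-2}" = 2 ]
}

# Constructed sample (not from a real host): a later line disables ASLR.
sample_conf='kernel.randomize_va_space = 2
# debugging leftover
kernel/randomize_va_space=0'

# Live check. Simplified file order: drop-ins first, /etc/sysctl.conf last.
if [ -r /proc/sys/kernel/randomize_va_space ]; then
    audit_aslr "$(cat /proc/sys/kernel/randomize_va_space)" \
        "$(persisted_value /etc/sysctl.d/*.conf /etc/sysctl.conf)" \
        || echo "WARNING: ASLR is not fully enabled, now or after reboot"
    # With randomisation on, two processes report different stack ranges.
    grep -F '[stack]' /proc/self/maps || true
    grep -F '[stack]' /proc/self/maps || true
fi
```

Feeding the constructed sample through `persisted_value` returns 0, which is the case the audit is meant to catch: the running value reads 2 while a leftover configuration line will disable ASLR after a reboot.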

 

 
