Merge pull request #124 from JeremyRand/doc-aslr

README: Document mmap-rnd-bits
2025-01-27 04:17:00 -05:00 · 2023-05-15 07:34:00 -04:00 · 2023-05-15 07:34:00 -04:00 · d66a9bac55
commit d66a9bac55
parent 6511dac1d4 9d23717b6d
1 changed files with 7 additions and 3 deletions
--- a/README.md
+++ b/README.md
@ -37,9 +37,6 @@ often abused to exploit use-after-free flaws.
 * Kexec is disabled as it can be used to load a malicious kernel and gain
 arbitrary code execution in kernel mode.

-* The bits of entropy used for mmap ASLR are increased, therefore improving
-its effectiveness.
-
 * Randomises the addresses for mmap base, heap, stack, and VDSO pages.

 * Prevents unintentional writes to attacker-controlled files.
@ -54,6 +51,13 @@ prevents writing potentially sensitive contents of memory to disk.

 * TCP timestamps are disabled as it can allow detecting the system time.

+### mmap ASLR
+
+* The bits of entropy used for mmap ASLR are maxed out via
+`/usr/libexec/security-misc/mmap-rnd-bits` (set to the values of
+`CONFIG_ARCH_MMAP_RND_BITS_MAX` and `CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MAX` that
+the kernel was built with), therefore improving its effectiveness.
+
 ### Boot parameters

 Boot parameters are outlined in configuration files located in the