Need info about kernel file "randomize_va_space"

shagun
Posts: 43
Joined: 2016/11/04 12:30:30

Need info about kernel file "randomize_va_space"

Post by shagun » 2019/06/25 06:56:39

Hi,

The file "/proc/sys/kernel/randomize_va_space" has write permission for the user, as below:
[root@shagun ~]# ls -lrtZ /proc/sys/kernel/randomize_va_space
-rw-r--r--. root root system_u:object_r:proc_security_t:s0 /proc/sys/kernel/randomize_va_space

If we want to change this permission to read-only for the user, is it possible?

And I found the code also:

kernel/sysctl.c @@ -1130,7 +1130,11 @@ static struct ctl_table kern_table[] = { .procname = "randomize_va_space", .data = &randomize_va_space, .maxlen = sizeof(int), +#ifdef CONFIG_ASLR_SYSCTL_READ_ONLY + .mode = 0444, +#else .mode = 0644, +#endif
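Review bot: the new `#ifdef CONFIG_ASLR_SYSCTL_READ_ONLY` has no Kconfig entry in this patch, so unless one is added elsewhere the symbol is never set and the `.mode = 0444,` branch is dead code; the hunk should ship together with the Kconfig option and a one-line comment at `.mode = 0444,` stating that the entry then becomes read-only for root as well (the sysctl permission check applies the mode bits to the caller with no capability override), so the ASLR setting can only be chosen at build time once the option is enabled. The header's 7-to-11 line count matches the four added lines, so the hunk itself applies as written.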

Can we make it 0444? Currently randomize_va_space is 644.

Please suggest.

Regards,
Shagun

shagun
Posts: 43
Joined: 2016/11/04 12:30:30

Re: Need info about kernel file "randomize_va_space"

Post by shagun » 2019/06/27 03:05:16

Please suggest that it is OK to change the permission for users as a read only of this file.

Regards,
Shagun

chemal
Posts: 776
Joined: 2013/12/08 19:44:49

Re: Need info about kernel file "randomize_va_space"

Post by chemal » 2019/06/27 03:58:52

What for? Root has full access to any file regardless of permissions.

shagun
Posts: 43
Joined: 2016/11/04 12:30:30

Re: Need info about kernel file "randomize_va_space"

Post by shagun » 2019/06/28 04:46:29

Because while running the dASLR tool, the "randomize_va_space unconfigurable" test in "Kernel Check" is FAILED.

As per support for the dASLR tool, a "randomize_va_space_unconfigurable" fail means that "/proc/sys/kernel/randomize_va_space" has write permission.

TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Need info about kernel file "randomize_va_space"

Post by TrevorH » 2019/06/28 12:05:43

I cannot find this 'dASLR' tool anywhere on Google. Where did you get it from? Who makes it? Are you sure its results are useful or even meaningful? I have checked a Debian system running a 4.14 kernel and the permissions on "/proc/sys/kernel/randomize_va_space" are still 644. The only thing that says that is incorrect is your unknown tool.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

hunter86_bg
Posts: 2019
Joined: 2015/02/17 15:14:33
Location: Bulgaria

Re: Need info about kernel file "randomize_va_space"

Post by hunter86_bg » 2019/06/28 17:50:26

Most probably the tool got access denied by SELINUX.

Check the /var/log/audit/audit.log for AVC denials, or test with 'setenforce 0'.

Do not disable SELINUX, as you will not get the necessary data that will allow your tool to access the /proc filesystem properly.

Once over, switch to 'setenforce 1' and then you can analyze via "sealert -a /var/log/audit/audit.log"
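Added example (my code, not from this thread or any tool it mentions): before touching permissions, pull the AVC denials for the target type that labels the sysctl entry (proc_security_t, as shown in the ls -Z output above) out of the raw audit log. The log lines below are constructed for the example, including the daslr_t source domain; the field layout follows the kernel's AVC audit record format, so the parser also works on real /var/log/audit/audit.log lines.

```python
"""Filter AVC denials by SELinux target type from raw audit.log lines."""
import os
import re
from typing import Iterable, List, Optional

# Constructed sample of what audit.log shows when a confined process is refused
# write access to a sysctl entry labelled proc_security_t. Not real captured data.
SAMPLE_LOG = """\
type=AVC msg=audit(1561704379.512:211): avc:  denied  { write } for  pid=4242 comm="daslr" name="randomize_va_space" dev="proc" ino=8675 scontext=system_u:system_r:daslr_t:s0 tcontext=system_u:object_r:proc_security_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1561704379.512:211): arch=c000003e syscall=257 success=no exit=-13 comm="daslr"
type=AVC msg=audit(1561704379.513:212): avc:  denied  { read } for  pid=4242 comm="daslr" name="cmdline" dev="proc" ino=4026531843 scontext=system_u:system_r:daslr_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file permissive=0
type=AVC msg=audit(1561704380.001:215): avc:  granted  { read } for  pid=4242 comm="daslr" name="randomize_va_space" dev="proc" ino=8675 scontext=system_u:system_r:daslr_t:s0 tcontext=system_u:object_r:proc_security_t:s0 tclass=file
"""

# Matches the fixed prefix of an AVC record; the trailing key=value fields vary.
AVC_RE = re.compile(
    r"type=AVC msg=audit\((?P<ts>[\d.]+):(?P<serial>\d+)\): avc:\s+"
    r"(?P<result>denied|granted)\s+\{\s*(?P<perms>[^}]+?)\s*\}\s+for\s+(?P<fields>.*)$"
)
# key=value pairs; values are either double-quoted or a bare token (contexts have no spaces).
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line: str) -> Optional[dict]:
    """Return a dict for an AVC record, or None for any other audit line."""
    m = AVC_RE.match(line.strip())
    if not m:
        return None
    rec = {
        "ts": float(m["ts"]),
        "serial": int(m["serial"]),  # ties the AVC to its SYSCALL record
        "result": m["result"],
        "perms": m["perms"].split(),
    }
    for key, val in FIELD_RE.findall(m["fields"]):
        rec[key] = val.strip('"')
    return rec


def target_type(rec: dict) -> Optional[str]:
    """Extract the type field from a user:role:type[:level] context."""
    parts = rec.get("tcontext", "").split(":")
    return parts[2] if len(parts) >= 3 else None


def denials_for_type(lines: Iterable[str], ttype: str) -> List[dict]:
    """All denied AVC records whose target has SELinux type `ttype`."""
    return [
        rec for rec in map(parse_avc, lines)
        if rec and rec["result"] == "denied" and target_type(rec) == ttype
    ]


def describe(rec: dict) -> str:
    """One-line human summary of a denial."""
    return (f"serial={rec['serial']} comm={rec.get('comm')} pid={rec.get('pid')} "
            f"{'/'.join(rec['perms'])} on {rec.get('name')} ({rec.get('tclass')}) "
            f"permissive={rec.get('permissive', '?')}")


if __name__ == "__main__":
    path = "/var/log/audit/audit.log"  # path from the post above
    if os.path.exists(path) and os.access(path, os.R_OK):
        with open(path, errors="replace") as fh:
            lines = fh.read().splitlines()
    else:
        lines = SAMPLE_LOG.splitlines()  # offline: use the constructed sample
    for rec in denials_for_type(lines, "proc_security_t"):
        print(describe(rec))
```

The serial number in the msg=audit(...) field is what lets you pair an AVC line with its SYSCALL line (exit=-13 is EACCES), which tells you which call the tool made; sealert -a, as suggested above, does the same correlation and adds policy guidance.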

TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Need info about kernel file "randomize_va_space"

Post by TrevorH » 2019/06/28 19:23:21

The "file" is in /proc which means it's not a real file but a kernel construct. It has fixed ownership/permissions, defined in the kernel source and compiled in. I have checked the distro kernel, a Debian 4.14 kernel and the latest 5.1.15 ELRepo kernel-ml and all of them define the "file" in the same way with the same permissions.

The tool is either broken or the authors need to send a PR to Linus to get the mainline kernel source "fixed" though I am already fairly sure that it is correct and the tool is wrong.
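Added example (my code, not from this thread): what the compiled-in 0644 mode of the sysctl entry actually decides, and what a kernel check should look at instead. The permission function is modelled on test_perm() in the kernel's fs/proc/proc_sysctl.c as I remember it (the caller's identity selects the owner, group or other bits, and there is no capability override, so a 0444 entry refuses writes even from root); the level meanings follow the kernel's sysctl documentation. The path and the 0644 default come from the thread; the sample mode and value passed in the offline fallback are constructed.

```python
"""Model the sysctl permission check and interpret randomize_va_space."""
import os
import stat
from typing import Optional

SYSCTL = "/proc/sys/kernel/randomize_va_space"
DEFAULT_MODE = 0o644          # the .mode declared in kernel/sysctl.c
MAY_READ, MAY_WRITE = 4, 2    # kernel access-mask bits, same layout as rwx mode bits

ASLR_LEVELS = {
    0: "disabled",
    1: "conservative: stack, mmap base and VDSO randomized",
    2: "full: also randomizes the brk/heap base",
}


def sysctl_allowed(mode: int, op: int, euid: int = 0, in_root_group: bool = False) -> bool:
    """Emulate the kernel's test_perm() for sysctl entries (assumed from source):
    root is judged by the owner bits, members of gid 0 by the group bits,
    everyone else by the other bits. Every requested bit must be present."""
    perm = stat.S_IMODE(mode)
    if euid == 0:
        perm >>= 6
    elif in_root_group:
        perm >>= 3
    return (op & ~perm & (MAY_READ | MAY_WRITE)) == 0


def aslr_level(raw: str) -> int:
    """Parse the entry's text content ("2\\n") into a level, rejecting junk."""
    text = raw.strip()
    if not text.isdigit() or int(text) not in ASLR_LEVELS:
        raise ValueError(f"unexpected randomize_va_space content: {raw!r}")
    return int(text)


def assess(mode: int, raw_value: str) -> dict:
    """The mode tells you who may change the setting at runtime;
    the value tells you whether ASLR is actually on."""
    level = aslr_level(raw_value)
    return {
        "mode": stat.S_IMODE(mode),
        "mode_is_default": stat.S_IMODE(mode) == DEFAULT_MODE,
        "root_can_write": sysctl_allowed(mode, MAY_WRITE, euid=0),
        "others_can_write": sysctl_allowed(mode, MAY_WRITE, euid=1000),
        "level": level,
        "meaning": ASLR_LEVELS[level],
        "aslr_enabled": level >= 1,
        "full_aslr": level == 2,
    }


def read_live() -> Optional[dict]:
    """Read the real entry when running on Linux; None elsewhere."""
    try:
        st = os.stat(SYSCTL)
        with open(SYSCTL) as fh:
            return assess(st.st_mode, fh.read())
    except OSError:
        return None


if __name__ == "__main__":
    # Constructed fallback: S_IFREG | 0644 and a value of 2, i.e. the usual defaults.
    report = read_live() or assess(0o100644, "2\n")
    for key, val in report.items():
        print(f"{key:18} {val}")
```

With the default 0644 only root can write the value, which is the same privilege needed to run sysctl -w in the first place; a check that flags 0644 as a failure is therefore testing the kernel's fixed declaration rather than the hardening state. The value is what matters: 2 is full randomization.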
