On Wed, 2024-07-10 at 17:39 -0400, Will Dormann wrote:
> Linux 6.9.7 was released in June2024, and the patches for CVE-2024-26621
> went in months before that. This behavior matches my 3rd bullet point
> above, so I think everything is as expected here. ("... will randomize
> the load address of large libraries loaded by 32-bit apps.")
Right.
>
> If you want to see the lack of randomization, try the test with an x86
> kernel, not amd64.
I don't have one at hand unfortunately, but I'll try setting up a VM or
something just to be sure. Thanks.
I think there are not a lof of *modern* IA-32 installations, especially on
“generic” distributions, but there might still be some in network appliances
or something.
I guess setting vm.mmap_rnd_bits (or CONFIG_ARCH_MMAP_RND_BITS) to 16 at least
helps on those platforms (like they did on Ubuntu) but I wonder if a fix (or a
revert) in the kernel would be better (do we really need the alignment perfs
on IA-32 kernels?)
Regards,
--
Yves-Alexis
