Bug 1282518 - kernel: provide PID randomization and enable it by default
Status: CLOSED UPSTREAM
Product: Fedora
Classification: Fedora
Component: kernel
Version: rawhide
Assigned To: Kernel Maintainer List
QA Contact: Fedora Extras Quality Assurance
Reported: 2015-11-16 11:28 EST by Florian Weimer
Modified: 2016-05-27 15:49 EDT

Doc Type: Bug Fix
Last Closed: 2016-05-27 10:17:35 EDT
Type: Bug


Description Florian Weimer 2015-11-16 11:28:05 EST
It would be nice if the kernel could randomize PID (and TID) values by default.

We could use random TIDs to support mutex hardening in glibc, detecting overwritten mutexes before using data in them in ways that could further corrupt the running process in an attacker-controlled way.
Comment 1 Josh Boyer 2015-11-16 11:30:24 EST
This discussion needs to happen upstream.
Comment 2 Pavel Raiskup 2016-05-27 15:31:54 EDT
Can you please post a link(s) to upstream discussion(s)?
Comment 3 Josh Boyer 2016-05-27 15:49:48 EDT
(In reply to Pavel Raiskup from comment #2)
> Can you please post a link(s) to upstream discussion(s)?

There aren't any that I'm aware of.  Our team doesn't have time to work on this feature, and it needs to be done upstream.
