- Linux added kaslr a while ago, in 3.14.
- It was enabled via
kaslron the kernel command line.
- kaslr wasn’t compatible with hibernation, originally. This appears to have changed in 4.8.
- It was enabled by default in 4.12, with
nokaslrto disable it.
- kaslr support is compiled in by
- Ubuntu 18.04 LTS (bionic) has that setting enabled in the generic and aws kernels, which are based on 4.15.
/etc/default/grubmay be useless on Ubuntu for setting command line flags.
Under the hood, there are “up to” 512 base addresses for the kernel (depending on the specific machine’s memory map), and kaslr decompresses the image into a random available one during bootup. This puts the base kernel “somewhere” in a 1 GB-sized area, aligned at 2 MB.
The kernel command line is available in
/proc/cmdline. However, it didn’t have my
kaslrcustomization, which sent me on a quest. I discovered that Debian/Ubuntu configure a bunch of scripts to produce the final grub configuration file, using
/etc/default/grub.d/*.cfg. These are processed after
/etc/default/grub. There turned out to be a “cfg” file that unconditionally replaced
GRUB_CMDLINE_LINUX_DEFAULT, which is where I had put our
kaslrflag. This affected both of our instance types: VirtualBox appeared to have one unintentionally left over from the installer, while AWS had one placed there as part of the cloud image build.
But given that kaslr appears to be default, instead of setting up a local configuration file, I ended up removing the code that was trying in vain to set