Guide to the Secure Configuration of OpenEmbedded
System Settings
Kernel Configuration
Disable compatibility with brk()
An XCCDF Rule
Medium Severity
Enabling compatibility with brk() allows legacy binaries to run (i.e. those linked against libc5). But this compatibility comes at the cost of not being able to randomize the heap placement (ASLR). Unless legacy binaries need to run on the system, set CONFIG_COMPAT_BRK to "n". The configuration that was used to build the kernel is available at /boot/config-*. To check the configuration value for CONFIG_COMPAT_BRK, run the following command:

grep CONFIG_COMPAT_BRK /boot/config-*

Configs with value 'n' are not explicitly set in the file, so either commented lines or no lines should be returned.
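
Because a compliant config produces either a commented line or no grep output at all, the raw grep result is easy to misread. The following is an added example, not part of the original rule text, that turns the check into an explicit verdict per config file; the function names check_compat_brk and audit_compat_brk are assumptions made for this example.

```shell
#!/bin/sh
# Added example: explicit pass/fail verdict for CONFIG_COMPAT_BRK per config file.

# check_compat_brk FILE
#   prints "fail"  if CONFIG_COMPAT_BRK=y is set,
#          "pass"  if the option is commented out or absent,
#          "error" if FILE cannot be read (e.g. the glob matched nothing).
check_compat_brk() {
    [ -r "$1" ] || { echo error; return 2; }
    if grep -Eq '^[[:space:]]*CONFIG_COMPAT_BRK=y[[:space:]]*$' "$1"; then
        echo fail
        return 1
    fi
    echo pass
}

# audit_compat_brk FILE...
#   prints "FILE: verdict" for each file; returns non-zero unless all pass.
audit_compat_brk() {
    rc=0
    for cfg in "$@"; do
        verdict=$(check_compat_brk "$cfg") || rc=1
        printf '%s: %s\n' "$cfg" "$verdict"
    done
    return "$rc"
}

# Typical use on a target system:
#   audit_compat_brk /boot/config-*
```

An "error" verdict means no readable config file was found at that path, so the build configuration has to be confirmed another way before the rule can be considered satisfied.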