What happens if we run the kernel with "vsyscall=none" being added to the cmdline for hardening?
Issue
- What happens if we run the kernel with "vsyscall=none" being added to the cmdline for hardening?
- It is stated in the kernel documentation that it might break my system if vsyscall is none. What actually is broken with "vsyscall=none"?
vsyscall= [X86-64]
Controls the behavior of vsyscalls (i.e. calls to
fixed addresses of 0xffffffffff600x00 from legacy
code). Most statically-linked binaries and older
versions of glibc use these calls. Because these
functions are at fixed addresses, they make nice
targets for exploits that can control RIP.
emulate [default] Vsyscalls turn into traps and are
emulated reasonably safely.
native Vsyscalls are native syscall instructions.
This is a little bit faster than trapping
and makes a few dynamic recompilers work
better than they would in emulation mode.
It also makes exploits much easier to write.
none Vsyscalls don't work at all. This makes
them quite hard to use for exploits but
might break your system.
Environment
- Red Hat Enterprise Linux 7
- Red Hat Enterprise Linux 8
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.