Now that initial ASLR support has landed, it would be nice to expose it via the kernel.randomize_va_space sysctl in LX.
Former user commented on 2016-12-29T19:44:23.000-0500:
Dillon did some research on the default ASLR behavior in Linux:
It looks like on Linux, randomize_va_space has defaulted to 2 when building the kernel since commit 32a932332c8bad842804842eaf9651ad6268e637 in 2008. Before that it defaulted to 1 in the same way.
I checked Alpine Standard 3.5.0, Ubuntu 14.04, Ubuntu 16.04, CentOS 6, and CentOS 7. They all were set to 2, as far as I can tell due to the kernel default. None had entries in /etc/sysctl.conf (or anywhere else in /etc).
In addition I searched the source of systemd for references to randomize_vaspace, which did not turn anything up.
As a result, I believe this should be safe to integrate. I also believe SmartOS should default LX zones to having security-flags.default=aslr (at minimum), which will need to be done in smartos (vmapi?) as opposed to illumos-joyent.
According to 'git tag --contains', 2.6.25 was the first release with VA randomization enabled by default.
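The per-distribution check described in the comment above can be scripted. This is an added example, not code from the ticket or from illumos-joyent; the function names and the optional root-directory argument are assumptions of the example, and it expects a Linux-style /proc and /etc layout under that root.

```shell
#!/bin/sh
# Added example (hypothetical helper names): audit kernel.randomize_va_space
# under a filesystem root. The root argument is an assumption so the check can
# be pointed at an image or zone root; leave it empty for the running system.

# Print "file:value" for every uncommented kernel.randomize_va_space setting
# found in sysctl.conf or sysctl.d/*.conf under <root>/etc.
aslr_overrides() {
    root=${1:-}
    for f in "$root/etc/sysctl.conf" "$root"/etc/sysctl.d/*.conf; do
        [ -f "$f" ] || continue
        # Anchoring at line start skips '#' and ';' comment lines.
        # sysctl.conf accepts both '.' and '/' as key separators.
        sed -n 's/^[[:space:]]*kernel[./]randomize_va_space[[:space:]]*=[[:space:]]*\([0-9][0-9]*\)[[:space:]]*$/\1/p' "$f" |
        while read -r v; do
            printf '%s:%s\n' "$f" "$v"
        done
    done
}

# Report the running value and any configured overrides.
# Returns 0 only if the running value is 2 and no override sets less than 2.
#   0 = no randomization
#   1 = stack, mmap base and VDSO randomized
#   2 = as 1, plus the brk heap
aslr_audit() {
    root=${1:-}
    cur=$(cat "$root/proc/sys/kernel/randomize_va_space" 2>/dev/null || echo unknown)
    echo "running value: $cur"
    status=0
    [ "$cur" = 2 ] || status=1
    for o in $(aslr_overrides "$root"); do
        echo "override: $o"
        [ "${o##*:}" -ge 2 ] || status=1
    done
    return $status
}
```

Call `aslr_audit` with no argument to check the running system, or pass the path of an unpacked image root.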