diff -uNrp kernel-3.2.fc16.orig/arch/x86/mm/mmap.c kernel-3.2.fc16.new/arch/x86/mm/mmap.c
--- kernel-3.2.fc16.orig/arch/x86/mm/mmap.c	2012-03-19 16:47:03.495169091 -0400
+++ kernel-3.2.fc16.new/arch/x86/mm/mmap.c	2012-03-19 16:50:03.574168052 -0400
@@ -106,6 +106,10 @@ static unsigned long mmap_legacy_base(vo
                return TASK_UNMAPPED_BASE + mmap_rnd();
 }

+#ifdef CONFIG_X86_32
+  #define SHLIB_BASE             0x00111000
+#endif
+
 /*
  * This function, called very early during the creation of a new
  * process VM image, sets up which VM layout function to use:
@@ -126,8 +126,10 @@ void arch_pick_mmap_layout(struct mm_str
 #ifdef CONFIG_X86_32
 		if (!(current->personality & READ_IMPLIES_EXEC)
 		    && !(__supported_pte_mask & _PAGE_NX)
-		    && mmap_is_ia32())
+		    && mmap_is_ia32()) {
+			mm->shlib_base = SHLIB_BASE + mmap_rnd();
 			mm->get_unmapped_exec_area = arch_get_unmapped_exec_area;
+		}
 #endif
 		mm->unmap_area = arch_unmap_area_topdown;
 	}
diff -uNrp kernel-3.2.fc16.orig/include/linux/mm_types.h kernel-3.2.fc16.new/include/linux/mm_types.h
--- kernel-3.2.fc16.orig/include/linux/mm_types.h	2012-03-19 16:46:47.382169153 -0400
+++ kernel-3.2.fc16.new/include/linux/mm_types.h	2012-03-19 16:50:40.738168219 -0400
@@ -300,6 +300,7 @@ struct mm_struct {
 	void (*unmap_area) (struct mm_struct *mm, unsigned long addr);
 #endif
 	unsigned long mmap_base;		/* base of mmap area */
+	unsigned long shlib_base;		/* base of lib map area (ASCII armour)*/
 	unsigned long task_size;		/* size of task vm space */
 	unsigned long cached_hole_size; 	/* if non-zero, the largest hole below free_area_cache */
 	unsigned long free_area_cache;		/* first hole of size cached_hole_size or larger */
diff -uNrp kernel-3.2.fc16.orig/mm/mmap.c kernel-3.2.fc16.new/mm/mmap.c
--- kernel-3.2.fc16.orig/mm/mmap.c	2012-03-19 16:46:15.791169274 -0400
+++ kernel-3.2.fc16.new/mm/mmap.c	2012-03-19 16:51:37.351166875 -0400
@@ -1594,8 +1594,6 @@ static bool should_randomize(void)
 		!(current->personality & ADDR_NO_RANDOMIZE);
 }
 
-#define SHLIB_BASE	0x00110000
-
 unsigned long
 arch_get_unmapped_exec_area(struct file *filp, unsigned long addr0,
 		unsigned long len0, unsigned long pgoff, unsigned long flags)
@@ -1612,8 +1610,8 @@ arch_get_unmapped_exec_area(struct file
 		return addr;
 
 	if (!addr)
-		addr = !should_randomize() ? SHLIB_BASE :
-			randomize_range(SHLIB_BASE, 0x01000000, len);
+		addr = !should_randomize() ? mm->shlib_base :
+			randomize_range(mm->shlib_base, 0x01000000, len);
 
 	if (addr) {
 		addr = PAGE_ALIGN(addr);
@@ -1623,7 +1621,7 @@ arch_get_unmapped_exec_area(struct file
 			return addr;
 	}
 
-	addr = SHLIB_BASE;
+	addr = mm->shlib_base;
 	for (vma = find_vma(mm, addr); ; vma = vma->vm_next) {
 		/* At this point:  (!vma || addr < vma->vm_end). */
 		if (TASK_SIZE - len < addr)