From: Emmanuel Fleury <emmanuel.fleury@labri.fr>
To: Linux Kernel <linux-kernel@vger.kernel.org>
Subject: Re: How to enable/disable security features on mmap() ?
Date: Thu, 08 Dec 2005 16:29:51 +0100
Message-ID: <4398516F.1020101@labri.fr>
In-Reply-To: <Pine.LNX.4.61.0512081011020.32448@chaos.analogic.com>
linux-os (Dick Johnson) wrote:
>
> In reference to the random-stack patch....
>
> Executing the following program on linux-2.6.13.4:
>
> #include <stdio.h>
>
> int main(void)
> {
>     int foo;                 /* address of a stack local, one sample per run */
>     printf("%p\n", &foo);
>     return 0;
> }
>
> ... a few thousand times and sorting its output shows
> the stack varies from:
> 0xbf7fe144 -> 0xbffff674
>
> Isn't this too much? I thought the random-stack patch was
> only supposed to vary it a page or 64k at most. This looks
> like some broken logic because it varies almost 8 megabytes!
> No wonder some of my user's database programs sometimes seg-fault
> and other times work perfectly fine. I think this is incorrect
> and shows a serious bug (misbehavior).
Well, there is some other strangeness (especially when running on an
x86_64 architecture). See:
http://dept-info.labri.fr/~fleury/LS05/download/papers/notes_on_ASLR.txt
The ASLR should take advantage of the 64-bit-wide address pointers but
doesn't. It behaves as it does on a 32-bit architecture. I didn't find out
why (there must be a good reason, though, but I'm just puzzled).
Moreover, the libc location (and all other dynamic libs) is not
randomized under x86_64. I have no explanation for this. :-/
Regards
--
Emmanuel Fleury
I worry about my child and the Internet all the time, even though
she's too young to have logged on yet. Here's what I worry about.
I worry that 10 or 15 years from now, she will come to me and say
'Daddy, where were you when they took freedom of the press away
from the Internet?'.
-- Mike Godwin
Thread overview (19+ messages):
2005-12-08 14:10 How to enable/disable security features on mmap() ? Emmanuel Fleury
2005-12-08 14:14 ` Arjan van de Ven
2005-12-08 14:21 ` Emmanuel Fleury
2005-12-08 14:39 ` Emmanuel Fleury
2005-12-08 14:49 ` Arjan van de Ven
2005-12-08 14:54 ` Emmanuel Fleury
2005-12-08 15:02 ` Emmanuel Fleury
2005-12-08 15:16 ` linux-os (Dick Johnson)
2005-12-08 15:29 ` Emmanuel Fleury [this message]
2005-12-08 15:39 ` Arjan van de Ven
2005-12-08 16:42 ` Nix
2005-12-08 15:37 ` Arjan van de Ven
2005-12-08 16:08 ` linux-os (Dick Johnson)
2005-12-08 16:14 ` Arjan van de Ven
2005-12-08 16:24 ` linux-os (Dick Johnson)
2005-12-08 16:35 ` Arjan van de Ven
2005-12-08 16:20 ` Xavier Bestel
2005-12-08 16:21 ` Arjan van de Ven
2005-12-08 16:30 ` linux-os (Dick Johnson)