From: Vasiliy Kulikov <segoon@openwall.com>
To: kernel-hardening@lists.openwall.com
Subject: Re: [kernel-hardening] base address for shared libs
Date: Fri, 12 Aug 2011 12:20:24 +0400 [thread overview]
Message-ID: <20110812082024.GA8785@albatros> (raw)
In-Reply-To: <20110812042135.GA5149@openwall.com>
Solar,
On Fri, Aug 12, 2011 at 08:21 +0400, Solar Designer wrote:
[...]
> I think this should be configurable in the 0 to 19 bits range.
[...]
Yes, I agree this is a trade-off and depends on program needs (address
space size) and security threads.
However, some upstream guys don't agree it should be configurable:
https://lkml.org/lkml/2006/5/19/219
https://lkml.org/lkml/2006/5/22/207:
"Because if it is configurable, someone _will_ configure it wrong, and
then ask us why it does not work."
And similar.
Probably it worth trying to bring up the discussion of configurable ASLR
entropy again - the code to configure it is simple anyway. However, I
expect one nasty answer: "everybody should use x86-64 for good ASLR and
other things, for x86-32 it is bad anyway, so don't bother to fix things
broken by design."
So, to summarize:
For upstream we want to start mmap addresses allocation from 0x1100000,
bottom up. Probably, make entropy configurable.
For Owl we want to make entropy size configurable. Depending on the
entropy, use ASCII-armor or fallback to the default allocator
instantly.
Correct?
--
Vasiliy
next prev parent reply other threads:[~2011-08-12 8:20 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-07-23 16:22 [kernel-hardening] base address for shared libs Solar Designer
2011-07-24 8:51 ` Vasiliy Kulikov
2011-07-24 14:27 ` Solar Designer
2011-07-24 18:18 ` Vasiliy Kulikov
2011-07-25 19:20 ` Vasiliy Kulikov
2011-08-11 8:32 ` Vasiliy Kulikov
2011-08-12 3:57 ` Solar Designer
2011-08-12 4:21 ` Solar Designer
2011-08-12 8:20 ` Vasiliy Kulikov [this message]
2011-08-12 9:20 ` Solar Designer
2011-08-12 9:52 ` Vasiliy Kulikov
2011-08-12 10:04 ` Solar Designer
2011-08-12 10:06 ` Vasiliy Kulikov
2011-07-29 9:27 ` Vasiliy Kulikov
2011-07-30 18:38 ` Vasiliy Kulikov
2011-07-30 18:43 ` Vasiliy Kulikov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20110812082024.GA8785@albatros \
--to=segoon@openwall.com \
--cc=kernel-hardening@lists.openwall.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox