From: Andrew Morton <akpm@linux-foundation.org>
To: Jiri Kosina <jkosina@suse.cz>
Cc: Jan Kratochvil <honza@jikos.cz>, Ingo Molnar <mingo@elte.hu>,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH][RESEND] PIE randomization
Date: Fri, 11 May 2007 13:36:51 -0700 [thread overview]
Message-ID: <20070511133651.63f8a14d.akpm@linux-foundation.org> (raw)
In-Reply-To: <Pine.LNX.4.64.0705112211440.16923@twin.jikos.cz>
On Fri, 11 May 2007 22:18:16 +0200 (CEST)
Jiri Kosina <jkosina@suse.cz> wrote:
> On Fri, 11 May 2007, Andrew Morton wrote:
>
> > > I sent this patch 5 days ago, nobody replied. So I am giving it
> > > second attempt. Andrew, is it possible to test this in -mm branch?
> > > Original mail follows:
> > > this is something like reaction to this thread:
> > > http://lkml.org/lkml/2007/1/6/124. I hope I was able to separate the
> > > PIE randomization part correctly.
> > I don't know what to do with this. The changelog doesn't tell me what PIE
> > randomization _is_, nor why the kernel would want to do it. "Randomizing
> > -pie compiled binaries" sounds fairly undesirable, actually ;)
>
> I think it's precisely what we want to do in case the randomize_va_space
> is set to 1, don't we? (I haven't yet gone throught the patch though, so I
> am not sure whether this is the case).
erm, I was being funny. If you randomize a binary it won't run any more.
cp /dev/random /bin/login. Oh well.
My point is, we're not being told what is being randomized here. Is it the
virtual starting address of the main executable mmap? Of the shared
libraries also? Is it the stack location? What?
I could reverse-engineer that info from the patch, I guess, but I'd prefer
to go in the opposite direction: you tell us what the patch is trying to
do, then we look at it and see if we agree that it is in fact doing that.
> We already have stack randomization and mmap() base randomization but
> executable base randomization (which is of course only feasible for -pie
> executables) and brk() randomization still seem to be missing to make it
> complete.
next prev parent reply other threads:[~2007-05-11 20:37 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-05-11 12:33 [PATCH][RESEND] PIE randomization Jan Kratochvil
2007-05-11 19:56 ` Andrew Morton
2007-05-11 20:18 ` Jiri Kosina
2007-05-11 20:36 ` Andrew Morton [this message]
2007-05-11 22:41 ` Ulrich Drepper
2007-05-11 23:50 ` Jiri Kosina
2007-05-16 17:14 ` Jiri Kosina
2007-05-17 20:24 ` Jan Kratochvil
2007-05-17 21:50 ` Jiri Kosina
2007-05-18 17:29 ` Andrew Morton
2007-05-21 14:58 ` Hugh Dickins
2007-05-22 23:16 ` Andrew Morton
2007-05-23 8:50 ` Jiri Kosina
2007-07-04 8:25 ` Jakub Jelinek
2007-07-04 17:35 ` Jiri Kosina
2007-07-05 20:53 ` Chuck Ebbert
2007-07-05 20:57 ` Rik van Riel
2007-07-07 0:13 ` Jiri Kosina
2007-07-07 12:30 ` Jakub Jelinek
2007-07-09 11:41 ` Jiri Kosina
2007-07-09 21:58 ` Jiri Kosina
2007-07-10 9:47 ` Jakub Jelinek
2007-07-11 9:58 ` Jiri Kosina
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20070511133651.63f8a14d.akpm@linux-foundation.org \
--to=akpm@linux-foundation.org \
--cc=honza@jikos.cz \
--cc=jkosina@suse.cz \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@elte.hu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox