From: Ulrich Drepper <drepper@redhat.com>
To: Davide Libenzi <davidel@xmailserver.org>
Cc: Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Linus Torvalds <torvalds@linux-foundation.org>,
Andrew Morton <akpm@linux-foundation.org>,
Ingo Molnar <mingo@elte.hu>
Subject: Re: [patch 2/2] ufd v1 - use unsequential O(1) fdmap
Date: Sun, 03 Jun 2007 13:46:21 -0700 [thread overview]
Message-ID: <4663289D.5030109@redhat.com> (raw)
In-Reply-To: <Pine.LNX.4.64.0706031311490.13247@alien.or.mcafeemobile.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Davide Libenzi wrote:
>> If randomizing each allocator is too expensive then randomize at the
>> very least the number of the first descriptor you give out.
>
> Can you tell me how this can be a problem, and in which way making a
> random thing would help?
In attacking an application every bit of known data can be used in an
exploit. Be it something as simple as having a predetermined value at a
certain point in the program since it loaded a file descriptor into a
register.
But what I'm mostly thinking about is the case where I/O could be
redirected. The intruding program could call dup2() and suddenly the
program wanting to write a password to disk could be directed to send it
over a socket. One could imagine countless such attacks.
I don't say such an attack exists today. But this is no reason to not
implement these extra security measures. The cost of a randomized star
base (offset from 2^30) should be zero.
- --
➧ Ulrich Drepper ➧ Red Hat, Inc. ➧ 444 Castro St ➧ Mountain View, CA ❖
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFGYyid2ijCOnn/RHQRAjRoAJ9XsAazZtc9V3AxaPjiNMjK8jPUZgCdG/Eg
KPug5Sq9REHd6H3AR0ax2aU=
=9iUM
-----END PGP SIGNATURE-----
next prev parent reply other threads:[~2007-06-03 20:47 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-06-02 22:59 [patch 2/2] ufd v1 - use unsequential O(1) fdmap Davide Libenzi
2007-06-03 6:43 ` Ingo Molnar
2007-06-03 18:22 ` Davide Libenzi
2007-06-03 18:20 ` Ulrich Drepper
2007-06-03 18:53 ` Davide Libenzi
2007-06-03 19:43 ` Ulrich Drepper
2007-06-03 20:19 ` Davide Libenzi
2007-06-03 20:46 ` Ulrich Drepper [this message]
2007-06-03 23:01 ` Davide Libenzi
2007-06-03 23:09 ` Ulrich Drepper
2007-06-03 23:32 ` Davide Libenzi
2007-06-04 5:11 ` Linus Torvalds
2007-06-04 5:22 ` Ulrich Drepper
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4663289D.5030109@redhat.com \
--to=drepper@redhat.com \
--cc=akpm@linux-foundation.org \
--cc=davidel@xmailserver.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@elte.hu \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox