From: "H. Peter Anvin" <hpa@zytor.com>
To: Ingo Molnar <mingo@elte.hu>
Cc: Andi Kleen <andi@firstfloor.org>,
Marcus Meissner <meissner@suse.de>,
linux-kernel@vger.kernel.org, jason.wessel@windriver.com,
fweisbec@gmail.com, tj@kernel.org, mort@sgi.com, akpm@osdl.org,
security@kernel.org, Andrew Morton <akpm@linux-foundation.org>,
Linus Torvalds <torvalds@linux-foundation.org>,
Peter Zijlstra <a.p.zijlstra@chello.nl>,
Thomas Gleixner <tglx@linutronix.de>
Subject: Re: [PATCH] kernel: make /proc/kallsyms mode 400 to reduce ease of attacking
Date: Wed, 10 Nov 2010 18:51:12 -0800 [thread overview]
Message-ID: <4CDB5A20.7070106@zytor.com> (raw)
In-Reply-To: <20101110085314.GB8370@elte.hu>
On 11/10/2010 12:53 AM, Ingo Molnar wrote:
>
> * H. Peter Anvin <hpa@zytor.com> wrote:
>
>> We already do virtual relocation on 32 bits, and replicating that on 64 bits
>> wouldn't be hard. However, the linkage script strongly assumes congruency mod 2/4
>> MiB, and that is probably nontrivial to change. However, that still gives about 9
>> bits of entrophy to play with. The question is if that is enough, or if we'd have
>> to do more clever hacks.
>
> Even 1 bit of entropy would bring a visible improvement: a failed exploit attempt to
> the wrong address can crash the kernel with a 50% chance. 9 bits would be very nice.
>
> If an exploit can be brute-forced without crashing the kernel then only some
> significantly large bitness would help. So while 9 bits would be rather low for a
> user-space ASLR scheme [many user-space bugs can be brute-forced without crashing
> the system and raising alarms], it's very attractive for kernel ASLR.
>
Now, *relative* symbol addresses will typically not have any randomness
at all, which may limit the usefulness, of course.
-hpa
--
H. Peter Anvin, Intel Open Source Technology Center
I work for Intel. I don't speak on their behalf.
next prev parent reply other threads:[~2010-11-11 2:52 UTC|newest]
Thread overview: 81+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-11-04 10:09 [PATCH] kernel: make /proc/kallsyms mode 400 to reduce ease of attacking Marcus Meissner
2010-11-04 10:11 ` Tejun Heo
2010-11-05 0:11 ` [Security] " Eugene Teo
2010-11-04 11:46 ` Ingo Molnar
2010-11-04 12:29 ` Marcus Meissner
2010-11-04 13:58 ` Ingo Molnar
2010-11-04 14:11 ` Ingo Molnar
2010-11-04 14:33 ` Marcus Meissner
2010-11-04 14:38 ` Tejun Heo
2010-11-04 14:43 ` H. Peter Anvin
2010-11-04 14:48 ` Tejun Heo
2010-11-04 19:08 ` Ingo Molnar
2010-11-04 21:29 ` [Security] " Willy Tarreau
2010-11-04 21:51 ` Ingo Molnar
2010-11-04 22:35 ` Willy Tarreau
2010-11-04 23:46 ` Willy Tarreau
2010-11-07 8:50 ` Ingo Molnar
2010-11-07 9:08 ` Ingo Molnar
2010-11-07 9:49 ` Willy Tarreau
2010-11-07 11:27 ` Ingo Molnar
2010-11-07 11:41 ` Willy Tarreau
2010-11-07 11:47 ` Ingo Molnar
2010-11-07 11:56 ` Willy Tarreau
2010-11-07 12:12 ` Ingo Molnar
2010-11-07 12:22 ` Willy Tarreau
2010-11-07 12:25 ` Ingo Molnar
2010-11-07 12:39 ` Willy Tarreau
2010-11-07 12:32 ` Ingo Molnar
2010-11-07 12:51 ` Willy Tarreau
2010-11-07 15:27 ` Alan Cox
2010-11-08 6:29 ` Ingo Molnar
2010-11-07 11:42 ` Ingo Molnar
2010-11-07 11:51 ` Willy Tarreau
2010-11-07 12:37 ` Ingo Molnar
2010-11-07 12:55 ` Willy Tarreau
2010-11-07 8:56 ` Ingo Molnar
2010-11-07 9:03 ` Ingo Molnar
[not found] ` <20101104215157.GA25128@ <20101107090805.GA27983@elte.hu>
2010-11-13 13:06 ` Gilles Espinasse
2010-11-07 18:02 ` Andi Kleen
2010-11-07 18:32 ` H. Peter Anvin
2010-11-10 8:53 ` Ingo Molnar
2010-11-11 2:51 ` H. Peter Anvin [this message]
2010-11-11 7:05 ` Ingo Molnar
2010-11-05 2:38 ` Frank Rowand
2010-11-10 20:58 ` Jesper Juhl
2010-11-05 0:20 ` Jesper Juhl
-- strict thread matches above, loose matches on Subject: below --
2010-11-16 10:46 Marcus Meissner
2010-11-17 5:07 ` Kyle McMartin
2010-11-18 7:48 ` Ingo Molnar
2010-11-20 3:18 ` Kees Cook
2010-11-26 7:51 ` Ingo Molnar
2010-11-17 5:40 ` Kyle Moffett
2010-11-17 5:41 ` Kyle Moffett
2010-11-17 5:58 ` Linus Torvalds
2010-11-17 6:19 ` Willy Tarreau
2010-11-18 7:31 ` Ingo Molnar
2010-11-23 17:24 ` Pavel Machek
2010-11-26 7:38 ` Ingo Molnar
2010-11-29 19:03 ` H. Peter Anvin
2010-11-20 11:32 ` Avi Kivity
2010-11-19 19:19 ` Sarah Sharp
2010-11-19 19:54 ` Linus Torvalds
2010-11-19 19:58 ` david
2010-11-19 20:04 ` Linus Torvalds
2010-11-19 20:16 ` Willy Tarreau
2010-11-19 20:55 ` david
2010-11-26 7:48 ` Ingo Molnar
2010-11-29 16:33 ` Sarah Sharp
2010-11-29 18:04 ` Ingo Molnar
2010-11-29 19:05 ` H. Peter Anvin
2010-11-29 19:21 ` Eric Paris
2010-11-29 19:38 ` H. Peter Anvin
2010-11-29 21:49 ` Willy Tarreau
2010-11-29 23:31 ` Alan Cox
2010-11-30 11:58 ` Ingo Molnar
2010-11-20 11:05 ` Richard W.M. Jones
2010-11-19 21:12 Andy Walls
2010-11-19 23:22 ` Linus Torvalds
2010-11-20 2:40 ` Kees Cook
2010-11-20 19:47 ` Henrique de Moraes Holschuh
2010-11-29 22:58 ` Kevin Easton
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4CDB5A20.7070106@zytor.com \
--to=hpa@zytor.com \
--cc=a.p.zijlstra@chello.nl \
--cc=akpm@linux-foundation.org \
--cc=akpm@osdl.org \
--cc=andi@firstfloor.org \
--cc=fweisbec@gmail.com \
--cc=jason.wessel@windriver.com \
--cc=linux-kernel@vger.kernel.org \
--cc=meissner@suse.de \
--cc=mingo@elte.hu \
--cc=mort@sgi.com \
--cc=security@kernel.org \
--cc=tglx@linutronix.de \
--cc=tj@kernel.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox