Date: Fri, 12 Aug 2011 12:20:24 +0400
From: Vasiliy Kulikov <segoon@...nwall.com>
To: kernel-hardening@...ts.openwall.com
Subject: Re: base address for shared libs

Solar,

On Fri, Aug 12, 2011 at 08:21 +0400, Solar Designer wrote:
[...]
> I think this should be configurable in the 0 to 19 bits range.
[...]

Yes, I agree this is a trade-off and depends on program needs (address
space size) and security threats.

However, some upstream guys don't agree it should be configurable:

https://lkml.org/lkml/2006/5/19/219
https://lkml.org/lkml/2006/5/22/207:

"Because if it is configurable, someone _will_ configure it wrong, and
then ask us why it does not work."

And similar.

Probably it is worth trying to bring up the discussion of configurable
ASLR entropy again - the code to configure it is simple anyway. However,
I expect one nasty answer: "everybody should use x86-64 for good ASLR and
other things, for x86-32 it is bad anyway, so don't bother to fix things
broken by design."

So, to summarize:

For upstream we want to start mmap addresses allocation from 0x1100000,
bottom up. Probably, make entropy configurable.

For Owl we want to make entropy size configurable. Depending on the
entropy, use ASCII-armor or fall back to the default allocator instantly.

Correct?

--
Vasiliy