Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 29 Sep 2011 12:57:32 -0400
To: Vasiliy Kulikov <>
Cc: David Rientjes <>, Christoph Lameter <>,, Pekka Enberg <>,
        Matt Mackall <>,
        Andrew Morton <>,,
        Kees Cook <>, Dave Hansen <>,
        Linus Torvalds <>,
        Alan Cox <>,
Subject: Re: [PATCH 2/2] mm: restrict access to /proc/meminfo

On Thu, 29 Sep 2011 20:18:48 +0400, Vasiliy Kulikov said:

> As `new' is just increased, it means it is known with KB granularity,
> not MB.  By counting used slab objects he learns filled_obj_size_sum.
> So, rounding gives us nothing, but obscurity.

Yes, but if he has an exploit that requires using up (for example) exactly 31
objects in the slab, he may now know that a new slab got allocated to push it
over the MB boundary.  So he knows there's exactly one object in that new slab.

But now he has to fly blind for the next 30 because the numbers will display
exactly the same, and he can't correct for somebody else allocating one so he
needs to only allocate 29...

Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.