Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 05 Apr 2013 11:15:18 -0700
From: "H. Peter Anvin" <hpa@...or.com>
To: Ingo Molnar <mingo@...nel.org>
CC: Kees Cook <keescook@...omium.org>, linux-kernel@...r.kernel.org,
        kernel-hardening@...ts.openwall.com,
        Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>,
        x86@...nel.org, Jarkko Sakkinen <jarkko.sakkinen@...el.com>,
        Matthew Garrett <mjg@...hat.com>,
        Matt Fleming <matt.fleming@...el.com>,
        Eric Northup <digitaleric@...gle.com>,
        Dan Rosenberg <drosenberg@...curity.com>,
        Julien Tinnes <jln@...gle.com>, Will Drewry <wad@...omium.org>,
        Linus Torvalds <torvalds@...ux-foundation.org>
Subject: Re: [PATCH 1/3] x86: routines to choose random kernel base offset

On 04/05/2013 12:36 AM, Ingo Molnar wrote:
> 
> * Ingo Molnar <mingo@...nel.org> wrote:
> 
>>
>> * Kees Cook <keescook@...omium.org> wrote:
>>
>>> This provides routines for selecting a randomized kernel base offset, 
>>> bounded by e820 details. It tries to use RDRAND and falls back to RDTSC. 
>>> If "noaslr" is on the kernel command line, no offset will be used.
>>
>> Would it make sense to also add three other sources of entropy:
> 
> In any case, would it be possible to also mix these bootup sources of 
> entropy into our regular random pool?
> 
> That would improve random pool entropy on all Linux systems, not just 
> those that choose to enable kernel-base-address randomization.
> 

I think we already do at least some of these, but at this point, for any
non-RDRAND-capable hardware we could almost certainly do better for any
definition of anything at all.

RDRAND is obviously the ultimate solution here.

	-hpa


Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.