Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 9 Apr 2016 07:42:02 -0700
From: lazytyped <>
Subject: Re: [RFC v2] mm: SLAB freelist randomization

On 4/9/16 7:24 AM, Thomas Garnier wrote:
> Yes and no. With slabinfo not being available if not root you are not
> sure when you start a new SLAB. You also can't quantify the risk of
> another allocation happening on a real machine under load.
> It decreases the odds on a successful overflow that just requires two
> allocations to follow one another. It doesn't mitigate heap overflows.

Both things you mention above are somehow unrelated to the freelist
randomization. But that's fine. This has no performance impact, so there
is no problem in having it (not that I would or would want to have a say
:-) ).

I was just arguing that hinting at that specific exploit as one that
would have had 'decreased' odds of exploitation didn't seem like the
best choice.

        -  twiz

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.