Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 27 Feb 2018 22:31:38 +0100
From: lazytyped <>
To: Kees Cook <>, Ilya Smith <>
Cc: Andrew Morton <>,
 Dan Williams <>, Michal Hocko <>,
 "Kirill A. Shutemov" <>,
 Jan Kara <>, Jerome Glisse <>,
 Hugh Dickins <>, Matthew Wilcox <>,
 Helge Deller <>, Andrea Arcangeli <>,
 Oleg Nesterov <>, Linux-MM <>,
 LKML <>,
 Kernel Hardening <>
Subject: Re: [RFC PATCH] Randomization of address chosen by mmap.

On 2/27/18 9:52 PM, Kees Cook wrote:
> I'd like more details on the threat model here; if it's just a matter
> of .so loading order, I wonder if load order randomization would get a
> comparable level of uncertainty without the memory fragmentation,

This also seems to assume that leaking the address of one single library
isn't enough to mount a ROP attack to either gain enough privileges or
generate a primitive that can leak further information. Is this really
the case? Do you have some further data around this?

       -  twiz

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.