Date: Tue, 27 Feb 2018 22:31:38 +0100 From: lazytyped <lazytyped@...il.com> To: Kees Cook <keescook@...omium.org>, Ilya Smith <blackzert@...il.com> Cc: Andrew Morton <akpm@...ux-foundation.org>, Dan Williams <dan.j.williams@...el.com>, Michal Hocko <mhocko@...e.com>, "Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>, Jan Kara <jack@...e.cz>, Jerome Glisse <jglisse@...hat.com>, Hugh Dickins <hughd@...gle.com>, Matthew Wilcox <willy@...radead.org>, Helge Deller <deller@....de>, Andrea Arcangeli <aarcange@...hat.com>, Oleg Nesterov <oleg@...hat.com>, Linux-MM <linux-mm@...ck.org>, LKML <linux-kernel@...r.kernel.org>, Kernel Hardening <kernel-hardening@...ts.openwall.com> Subject: Re: [RFC PATCH] Randomization of address chosen by mmap. On 2/27/18 9:52 PM, Kees Cook wrote: > I'd like more details on the threat model here; if it's just a matter > of .so loading order, I wonder if load order randomization would get a > comparable level of uncertainty without the memory fragmentation, This also seems to assume that leaking the address of one single library isn't enough to mount a ROP attack to either gain enough privileges or generate a primitive that can leak further information. Is this really the case? Do you have some further data around this? - twiz
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.