Re: Patch 0/6 virtual address space randomisation

From: Julien TINNES
Date: Thu Jan 27 2005 - 06:45:21 EST


Arjan van de Ven wrote:
The randomisation patch series introduces infrastructure and functionality
that causes certain parts of a process' virtual address space to be
different for each invocation of the process. The purpose of this is to
raise the bar on buffer overflow exploits; full randomisation makes it not
possible to use absolute addresses in the exploit.


I think it is worth mentioning that this is part of PaX ASLR, but with some changes and simplification.
I have some questions about the changes:

for RANDMMAP why doing randomization in mmap_base() and not in arch_pick_mmap_layout? You miss a whole case here where legacy layout is used.

--
Julien TINNES - & france telecom - R&D Division/MAPS/NSS
Research Engineer - Internet/Intranet Security
GPG: C050 EF1A 2919 FD87 57C4 DEDD E778 A9F0 14B9 C7D6
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/