Re: Patch 4/6 randomize the stack pointer

[Rik van Riel]

On Thu, 27 Jan 2005, John Richard Moser wrote:
> Arjan van de Ven wrote:

> > > Is this one any worse?
> > yes.
> >
> > oracle, db2 and similar like to mmap 2Gb or more *in one chunk*.
>
> Special case?

Absolutely, but ...

> Can I get this put into perspective?  How much more important is "Good"
> randomization versus "not breaking Oracle," which becomes "No
> randomization"

1) quite a lot of Linux users do use Oracle, DB2 or do
   scientific calculations - distributions cannot afford
   to break those applications, the default has to work
   for everybody

2) "weaker" randomization (2MB) is still effective if the
   stack is non-executable, so the "load a bunch of NOPs"
   approach won't work - this is what Fedora and RHEL use

3) it is not as theoretically strong as what you propose,
   but having the "weaker" scheme enabled is definitely
   more secure than having the "stronger" scheme disabled
   because it breaks applications

--
"Debugging is twice as hard as writing the code in the first place.
Therefore, if you write the code as cleverly as possible, you are,
by definition, not smart enough to debug it." - Brian W. Kernighan
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/