Re: [PATCH] 126.96.36.199 Parameter-controlled mmap/stack randomization
From: Pavel Machek
Date: Sun May 21 2006 - 21:06:08 EST
On So 20-05-06 11:23:47, John Richard Moser wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> Arjan van de Ven wrote:
> > On Fri, 2006-05-19 at 21:00 -0400, John Richard Moser wrote:
> >> Any comments on this one?
> >> I'm trying to control the stack and heap randomization via command-line
> >> parameters.
> > why? this doesn't really sound like something that needs to be tunable
> > to that extend; either it's on or it's off (which is tunable already),
> > the exact amount should just be the right value. While I often disagree
> > with the gnome desktop guys, they have some point when they say that
> > if you can get it right you shouldn't provide a knob.
> This is a "One Size Fits All" argument.
> Oracle breaks with 256M stack/mmap() randomization, so does Linus' mail
> client. That's why we have 8M stack and 1M mmap().
> On the other hand, some things may give us the undesirable
> situation where-- even on an x86-64 with real NX-bit love-- there's an
> executable stack. The stack randomization in this case can likely be
> weakened by, say, 8 bits by padding your shellcode with 1-byte NOPs
> (there's a zillion of these, like inc %eax) up to 4096 bytes. This
> leaves 1 success case for every 2047 fail cases.
Maybe we can add more bits of randomness when there's enough address
space -- like in x86-64 case?
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/