Re: [PATCH] Gerd Hoffman's move-vsyscall-into-user-address-rangepatch

From: Zachary Amsden
Date: Mon May 22 2006 - 12:43:31 EST

Jakub Jelinek wrote:

That's known bug in early glibcs short after adding vDSO support.
The vDSO support has been added in May 2003 to CVS glibc (i.e. post glibc
2.3.2) and the problems have been fixed when they were discovered, in
February 2004:

I strongly believe we want randomized vDSOs, people are already abusing the
fix mapped vDSO for attacks, and I think the unfortunate 10 months of broken
glibc shouldn't stop that forever. Anyone using such glibc can still use
vdso=0, or do that just once and upgrade to somewhat more recent glibc.

While I'm now inclined to agree with randomization, I think the default should be off. You can quite easily "echo 1 > /proc/sys/kernel/vdso_randomization" in the RC scripts, which allows you to maintain compatibility for everyone and get randomization turned on early enough to thwart attacks against any vulnerable daemons.

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at