Re: [PATCH] Gerd Hoffman's move-vsyscall-into-user-address-rangepatch
From: Zachary Amsden
Date: Mon May 22 2006 - 12:43:31 EST
Jakub Jelinek wrote:
That's known bug in early glibcs short after adding vDSO support.
The vDSO support has been added in May 2003 to CVS glibc (i.e. post glibc
2.3.2) and the problems have been fixed when they were discovered, in
I strongly believe we want randomized vDSOs, people are already abusing the
fix mapped vDSO for attacks, and I think the unfortunate 10 months of broken
glibc shouldn't stop that forever. Anyone using such glibc can still use
vdso=0, or do that just once and upgrade to somewhat more recent glibc.
While I'm now inclined to agree with randomization, I think the default
should be off. You can quite easily "echo 1 >
/proc/sys/kernel/vdso_randomization" in the RC scripts, which allows you
to maintain compatibility for everyone and get randomization turned on
early enough to thwart attacks against any vulnerable daemons.
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/