Re: [PATCH] Undo some of the pseudo-security madness

From: Arjan van de Ven
Date: Wed Jan 31 2007 - 12:20:34 EST

Next message: Andi Kleen: "Re: [PATCH] x86_64: Fix preprocessor condition"
Previous message: Arjan van de Ven: "Re: linux scheduler and "cache-mate" processors"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> No amount of carefulness will prevent vendors stick arbitrarily
> damaging values of stack and mmap base randomisation, severely reducing
> the usefullness of MAP_FIXED.

MAP_FIXED is useful still. The only safe way is to use addresses you got
from mmap(), eg you overmap something.
Anything else is madness, with or without randomization. The C library
for example is free, and does, allocate memory and stacks etc etc.

Same for many other libraries; in addition libraries change in size all
the time... MAP_FIXED of an address you don't KNOW is free is a bug.
Period.
(using an address previously obtained from mmap() is safest, but you
could in theory also parse /proc/self/maps, although that is racey,
since nothing guarantees that the C library didn't spawn a background
thread that allocates memory)

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Andi Kleen: "Re: [PATCH] x86_64: Fix preprocessor condition"
Previous message: Arjan van de Ven: "Re: linux scheduler and "cache-mate" processors"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]