Re: [link@miggy.org: Re: [patch 2/8] personality: fix PER_CLEAR_ON_SETID (CVE-2009-1895)]

[Andi Kleen]

Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> writes:
>
> Other binaries are unhappy with address space randomization because they 
> need to get the absolute maximum contiguous VM space for some big array. 
> Ok, so that's less of an issue in 64-bit mode, but there really are 
> programs out there that link everything statically and want to run at a 
> low virtual address so that they can get 2.5GB of virtual memory for one 
> single big allocation. I've written crap like that myself. I'm not _proud_ 
> of it, but I could easily see that programs like that could be unhappy if 
> the system wiggles mmap's around for security issues.

Another common reason for not supporting randomized mappings is
when the program loads a "core file" that has pointers to data
on each boot, as a faster way to initialize data structures. 
That's common with LISP like languages for example, but even
e.g. gcc's pre compiled headers implementation works like this.

> Because compatibility is always of paramount importance.

If you want to give it a security angle: not supporting 
an old application anymore is a very severe DoS attack
for people using it.

-Andi
-- 
ak@xxxxxxxxxxxxxxx -- Speaking for myself only.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/