Re: [RFC][PATCH] Randomize kernel base address on boot

From: H. Peter Anvin
Date: Tue May 31 2011 - 15:08:48 EST

Next message: Oleg Nesterov: "Re: [PATCH 03/10] ptrace: implement PTRACE_SEIZE"
Previous message: Maarten Lankhorst: "Re: [PATCH] [RFC] usb: Do not attempt to reset the device while itis disabled"
In reply to: Dan Rosenberg: "Re: [RFC][PATCH] Randomize kernel base address on boot"
Next in thread: Ingo Molnar: "Re: [RFC][PATCH] Randomize kernel base address on boot"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 05/31/2011 12:03 PM, Dan Rosenberg wrote:
>
> Just for the record, I've put this patch on hold until there's some more
> consensus about whether boot-time randomization of the physical kernel
> address is the best approach. There are some other potential issues
> that haven't been brought up yet publicly, such as the possibility of
> local attackers performing cache timing attacks to find the kernel image
> location at runtime, which may make traditional ASLR somewhat pointless
> regardless (except in the case of remote attackers, I suppose). Perhaps
> HPA's suggestion of further modularizing the kernel would have some
> advantages in this regard.
>

I'm probably going to implement the whole-image randomization as an
option in the Syslinux bootloader; it is a *lot* easier to do this
correctly in the bootloader.

-hpa
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Oleg Nesterov: "Re: [PATCH 03/10] ptrace: implement PTRACE_SEIZE"
Previous message: Maarten Lankhorst: "Re: [PATCH] [RFC] usb: Do not attempt to reset the device while itis disabled"
In reply to: Dan Rosenberg: "Re: [RFC][PATCH] Randomize kernel base address on boot"
Next in thread: Ingo Molnar: "Re: [RFC][PATCH] Randomize kernel base address on boot"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]