Re: [GIT PULL] x86/kaslr for v3.14

From: Richard Weinberger
Date: Mon Jan 27 2014 - 02:34:38 EST

Next message: Ingo Molnar: "Re: [GIT PULL] x86/kaslr for v3.14"
Previous message: Jason Wang: "[PATCH net] net: hyperv: initialize link status correctly"
In reply to: H. Peter Anvin: "Re: [GIT PULL] x86/kaslr for v3.14"
Next in thread: Kees Cook: "Re: [GIT PULL] x86/kaslr for v3.14"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Am 27.01.2014 07:52, schrieb H. Peter Anvin:
> Of course, stack traces themselves contain that information, so one
> could argue that oops=panic is required in order for kASLR to provide
> any kind of security against root. (oops=panic is probably a good idea
> in secure environments anyway...)

Now I understand your point.

/proc/<pid>/stack and a world-readable /boot also need to be disabled.
Deploying a secure kASLR is not easy, especially for end-user distros.

Maybe a CONFIG_RANDOMIZE_BASE_I_MEAN_IT which disables various sources of
information leakage would help too. ;-)

Thanks,
//richard
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Ingo Molnar: "Re: [GIT PULL] x86/kaslr for v3.14"
Previous message: Jason Wang: "[PATCH net] net: hyperv: initialize link status correctly"
In reply to: H. Peter Anvin: "Re: [GIT PULL] x86/kaslr for v3.14"
Next in thread: Kees Cook: "Re: [GIT PULL] x86/kaslr for v3.14"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]