Re: [PATCH] ASLRv3: randomize_va_space=3 preventing offset2lib attack

From: Jiri Kosina
Date: Mon Dec 22 2014 - 15:03:35 EST

Next message: Linus Torvalds: "Re: frequent lockups in 3.18rc4"
Previous message: Andy Lutomirski: "Re: [PATCH] ASLRv3: randomize_va_space=3 preventing offset2lib attack"
In reply to: Andy Lutomirski: "Re: [PATCH] ASLRv3: randomize_va_space=3 preventing offset2lib attack"
Next in thread: Andy Lutomirski: "Re: [PATCH] ASLRv3: randomize_va_space=3 preventing offset2lib attack"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 22 Dec 2014, Andy Lutomirski wrote:

> It could be worth having a mode that goes all out: randomize every
> single allocation independently in, say, a 45 or 46-byte range. That
> would be about as strong ASLR as we could possibly have, it would
> result in guard intervals around mmap data allocations (which has real
> value), and it would still leave plenty of space for big address space
> hogs like the Chromium sandbox.
>
> The main downside would be lots of memory used for page tables.

Plus get_random_int() during every mmap() call. Plus the resulting VA
space fragmentation.

--
Jiri Kosina
SUSE Labs
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Linus Torvalds: "Re: frequent lockups in 3.18rc4"
Previous message: Andy Lutomirski: "Re: [PATCH] ASLRv3: randomize_va_space=3 preventing offset2lib attack"
In reply to: Andy Lutomirski: "Re: [PATCH] ASLRv3: randomize_va_space=3 preventing offset2lib attack"
Next in thread: Andy Lutomirski: "Re: [PATCH] ASLRv3: randomize_va_space=3 preventing offset2lib attack"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]