RE: [kernel-hardening] [PATCH] [RFC] Introduce mmap randomization
From: Roberts, William C
Date: Thu Aug 04 2016 - 12:55:29 EST
> -----Original Message-----
> From: Daniel Micay [mailto:danielmicay@xxxxxxxxx]
> Sent: Thursday, August 4, 2016 9:53 AM
> To: kernel-hardening@xxxxxxxxxxxxxxxxxx; jason@xxxxxxxxxxxxxx; linux-
> mm@xxxxxxxxxxxxxxx; linux-kernel@xxxxxxxxxxxxxxx; akpm@linux-
> foundation.org
> Cc: keescook@xxxxxxxxxxxx; gregkh@xxxxxxxxxxxxxxxxxxx; nnk@xxxxxxxxxx;
> jeffv@xxxxxxxxxx; salyzyn@xxxxxxxxxxx; dcashman@xxxxxxxxxxx
> Subject: Re: [kernel-hardening] [PATCH] [RFC] Introduce mmap randomization
>
> On Tue, 2016-07-26 at 11:22 -0700, william.c.roberts@xxxxxxxxx wrote:
> > The recent get_random_long() change in get_random_range() and then the
> > subsequent patches Jason put out, all stemmed from my tinkering with
> > the concept of randomizing mmap.
> >
> > Any feedback would be greatly appreciated, including any feedback
> > indicating that I am idiot.
>
> The RAND_THREADSTACK feature in grsecurity makes the gaps the way I think
> would be ideal, i.e. tracked as part of the appropriate VMA. It would be
> straightforward to make it more general purpose.
I am not familiar with that, thanks for pointing it out. I'll take a look when my time
frees up for this again.