Re: [RFC][PATCH] linux-2.6.2-rc2_vsyscall-gtod_B1.patch

From: Jamie Lokier
Date: Tue Feb 03 2004 - 03:54:05 EST

Next message: Vladimir Saveliev: "Re: 2.6.2-rc3-mm1"
Previous message: Pasi Kärkkäinen: "Re: Promise PDC20269 (Ultra133 TX2) + Software RAID"
In reply to: Ulrich Drepper: "Re: [RFC][PATCH] linux-2.6.2-rc2_vsyscall-gtod_B1.patch"
Next in thread: Andrea Arcangeli: "Re: [RFC][PATCH] linux-2.6.2-rc2_vsyscall-gtod_B1.patch"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Ulrich Drepper wrote:
> You got to be kidding. Some object fixed in the address space which can
> perform system calls. Nothing is more welcome to somebody trying to
> exploit some bugs.

Two approaches to randomising the vdso address:

1. Selecting a random address at boot time. All tasks have the same
vdso for that run of the kernel. Advantages: no MSR write at
each context switch; could patch libsyscall.so at boot time with
address if we were fanatical about optimisation (i.e. other
libcs, not Glibc :) Disadvantages: the attacker may eventually
learn the address.

2. Select a random address for every new task. Advantages: harder
to guess from studying a machine for a long time. Disadvantages:
slower context switches; the gain from randomising each task is
nothing if all the tasks are very long lived anyway.

-- Jamie
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Vladimir Saveliev: "Re: 2.6.2-rc3-mm1"
Previous message: Pasi Kärkkäinen: "Re: Promise PDC20269 (Ultra133 TX2) + Software RAID"
In reply to: Ulrich Drepper: "Re: [RFC][PATCH] linux-2.6.2-rc2_vsyscall-gtod_B1.patch"
Next in thread: Andrea Arcangeli: "Re: [RFC][PATCH] linux-2.6.2-rc2_vsyscall-gtod_B1.patch"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]