Re: [PATCH] Parameter-controlled mmap/stack randomization

From: Pavel Machek
Date: Mon May 22 2006 - 15:41:11 EST


> >>> Good. So fix emacs/oracle/pine, and year or so and some time after it
> >>> is fixed, we can change kernel defaults. That's still less bad than
> >>> having
> >>>
> >>> [ ] Break emacs
> >>>
> >>> in kernel config.
> >> Nobody is going to fix emacs/oracle/pine, they don't have to. Nothing
> >> is making them. The kernel will wait for them so who cares.
> >
> > No, _you_ have to fix emacs/oracle/pine. You claimed your patch is
> > interesting for secure distros, so you obviously have manpower for
> > that, right?
> RHAT probably fixed Emacs already since it broke on them. Adamantix and
> Hardened Gentoo are most likely to put manpower into things like pine..
> they put a lot of work into removing textrels on i386.
> Oracle we can't do anything about. It's commercial. If we break it,
> they will recommend running it on Solaris or Windows 2003.

Well, if RedHat ships randomization, it will make Oracle fix it quite
quickly :-).

> > As you may have noticed, I'm at receiving end of those bug
> > reports. And what you propose is actually *worse* than IDE, because at
> > least you get relatively clear error message when misconfiguring IDE.
> Yes but when you misconfigure IDE the system doesn't boot. When you
> turn up randomization too high, everything works but 1 or 2
> programs.

Yes, you'll very quickly realize you misconfigured IDE... while stack
randomization is going to break 2 apps and you'll not know why.

> > For x86-64... why not?
> On x86-64 he may, if you can convince him it's useful (asserting that

I do not care much about randomization, sorry. I see it may be useful
on x86-64, but I do not think configurability helps. Sorry.
(cesky, pictures)