Re: [PATCH] Undo some of the pseudo-security madness

From: Florian Weimer
Date: Thu Feb 01 2007 - 03:07:19 EST

Next message: Frederic Riss: "Re: [PATCH] EFI x86: pass firmware call parameters on the stack"
Previous message: Ingo Molnar: "Re: 2.6.20-rc6-mm3"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

* Arjan van de Ven:

>> No amount of carefulness will prevent vendors stick arbitrarily
>> damaging values of stack and mmap base randomisation, severely reducing
>> the usefullness of MAP_FIXED.
>
> MAP_FIXED is useful still. The only safe way is to use addresses you got
> from mmap(), eg you overmap something.
> Anything else is madness, with or without randomization. The C library
> for example is free, and does, allocate memory and stacks etc etc.

This reminds me of a different matter: What is the recommended way to
reserve address space (so that libc etc. won't use it) *without*
increasing the VM committed memory counter? In other words, without
allocating backing store for it?

IIRC, mmap(PROT_NONE) followed by mprotect(PROT_READ | PROT_WRITE)
seems to work, but I wonder if this is just an accident, or if this is
part of the API.

This is an interesting topic because such functionality is required to
make many virtual machines work with address space randomization and
(especially) vm.overcommit_memory=2. They don't need the backing
store from the beginning, but they really like (if not need, even)
huge regions of continuous address space.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Frederic Riss: "Re: [PATCH] EFI x86: pass firmware call parameters on the stack"
Previous message: Ingo Molnar: "Re: 2.6.20-rc6-mm3"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]