Re: [Security] [PATCH] proc: avoid information leaks tonon-privileged processes
From: Ingo Molnar
Date: Tue May 05 2009 - 02:35:32 EST
* Matt Mackall <mpm@xxxxxxxxxxx> wrote:
> As to what's the appropriate sort of RNG for ASLR to use, finding
> a balance between too strong and too weak is tricky. [...]
In exec-shield i mixed 'easily accessible and fast' semi-random
state to the get_random_int() result: xor-ed the cycle counter, the
pid and a kernel address to it. That strengthened the result in a
pretty practical way (without strengthening the theoretical
randomless - each of those items are considered guessable) and does
so without weakening the entropy of the random pool.
As usual, it got objected to and removed during upstream review so
the upstream code stands on a single foot only - which is an
obviously bad idea.
The thing is, it's very hard to argue for (and prove) security
related complexity on an objective basis. ASLR was met with quite
some upstream hostility, so it did not really get merged upstream,
it barely managed to limp upstream.
Ingo
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/