Re: [PATCH] Make /proc/slabinfo 0400
From: Jesper Juhl
Date: Sat Mar 05 2011 - 20:16:03 EST
On Sat, 5 Mar 2011, Matt Mackall wrote:
> On Sun, 2011-03-06 at 01:42 +0100, Jesper Juhl wrote:
> > On Fri, 4 Mar 2011, Dan Rosenberg wrote:
> >
> > > On Fri, 2011-03-04 at 22:58 +0200, Pekka Enberg wrote:
> > > > On Fri, Mar 4, 2011 at 10:37 PM, Dan Rosenberg <drosenberg@xxxxxxxxxxxxx> wrote:
> > > > > This patch makes these techniques more difficult by making it hard to
> > > > > know whether the last attacker-allocated object resides before a free or
> > > > > allocated object. Especially with vulnerabilities that only allow one
> > > > > attempt at exploitation before recovery is needed to avoid trashing too
> > > > > much heap state and causing a crash, this could go a long way. I'd
> > > > > still argue in favor of removing the ability to know how many objects
> > > > > are used in a given slab, since randomizing objects doesn't help if you
> > > > > know every object is allocated.
> > > >
> > > > So if the attacker knows every object is allocated, how does that help
> > > > if we're randomizing the initial freelist?
> > >
> > > If you know you've got a slab completely full of your objects, then it
> > > doesn't matter that they happened to be allocated in a random fashion -
> > > they're still all allocated, and by freeing one of them and
> > > reallocating, you'll still be next to your target.
> > >
> >
> > But still, if randomizing allocations makes life just a little harder for
> > attackers in some scenarios, why not just do it?
>
> Lemme guess, you work for the TSA?
>
No. And now I actually feel slightly insulted.
> As far as I can tell neither of the patches under discussion do anything
> that couldn't be worked around by an exploit writer in the time it takes
> to write this email. And the second attacker, of course, will have even
> less trouble.
>
> Putting trivial obstacles in the way of attackers accomplishes little
> beyond annoying users.
>
If we annoy users I agree we shouldn't. If we don't annoy users (and don't
impact performance in any relevant way) then even trivial obstacles that
stop just a few exploits are worth it IMHO.
--
Jesper Juhl <jj@xxxxxxxxxxxxx> http://www.chaosbits.net/
Plain text mails only, please.
Don't top-post http://www.catb.org/~esr/jargon/html/T/top-post.html
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/