Re: [RFC][PATCH] Randomize kernel base address on boot
From: david
Date: Fri May 27 2011 - 14:49:01 EST
On Fri, 27 May 2011, Ingo Molnar wrote:

> > I don't think these two new images are as important as you are tagging
> > them. I would put them down with the 'protect the system from root' type
> > of issues.
>
> - Boot time dynamic randomization allows randomization of 'mass
>   install' systems, where the same image is used, to still be
>   randomized: for example a million phones all with the same Flash
>   ROM image and no 'install' performed at all on them.
>
> With static randomization these systems will all have the same
> kernel addresses.
there is already a need to be able to customize these systems on an
individual system basis (think SSL certs or ssh keys for example)
yes, this makes it a little more difficult than just 'drop this image bit
for bit on the system', but it's not that hard to set up a 'the first time
you boot do this stuff then reboot' step, and that step can do the
'install time' stuff.
> - Boot time dynamic randomization allows read-only systems to still
>   be randomized: for example internet cafes that use some popular
>   pre-packaged kiosk-mode live-DVD. They probably won't bother
>   randomizing and relinking the ISOs per machine and burning per
>   machine DVDs ...
this matters a little bit more because a script to create a custom DVD
image on the fly is more difficult.
however, I think this is a significantly less important target,
specifically because these are read-only system images.
but if someone really cares about this, they just need to create a stack
of slightly different DVDs. if this can be batched up and automated it's
not that big a deal. the DVDs don't really need to be per-machine, just a
variety of them.
David Lang
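The 'first time you boot do this stuff then reboot' step discussed above, as an added example that is not part of this thread or of the kernel patch: a hypothetical POSIX sh script that runs unconditionally from init, performs the per-device work once (here a constructed stand-in, a per-device host secret, in place of the ssh keys or certs mentioned), writes a marker so later boots are no-ops, and hands off to a reboot hook. The paths `/var/lib/firstboot` and the `STATE_DIR`/`REBOOT_CMD` variables are assumptions for the example; the reboot hook defaults to a dry run so the script is safe to execute as-is.

```shell
#!/bin/sh
# Hypothetical first-boot provisioning step (added example, not from the thread).
# On the first boot of a mass-installed identical image it generates the
# per-device material that must not be shared across the fleet, then hands
# off to a reboot hook. Every later boot is a no-op, so it can run
# unconditionally from an init script.

set -eu

# Where per-device state lives; a real system would use persistent storage.
STATE_DIR="${STATE_DIR:-/var/lib/firstboot}"
# Reboot hook. Defaults to a dry run so the example is safe to run anywhere.
REBOOT_CMD="${REBOOT_CMD:-echo dry-run: would reboot now}"

# random_hex: 128 bits from the kernel's random source as 32 hex characters,
# with no trailing newline.
random_hex() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# first_boot_setup DIR: returns 0 if this call performed the first-boot work,
# 1 if the marker shows it was already done on an earlier boot.
first_boot_setup() {
    dir="$1"
    if [ -f "$dir/done" ]; then
        return 1
    fi
    mkdir -p "$dir"
    umask 077
    # Per-device secret: the thing that must differ between otherwise
    # identical images (constructed stand-in for keys/certs).
    random_hex > "$dir/host-secret"
    # Marker is written last, so an interrupted run is simply retried on
    # the next boot instead of leaving a half-provisioned device.
    date -u +%Y-%m-%dT%H:%M:%SZ > "$dir/done"
    return 0
}

# Entry point when run as a script named firstboot.sh (skipped when sourced).
if [ "${0##*/}" = "firstboot.sh" ]; then
    if first_boot_setup "$STATE_DIR"; then
        $REBOOT_CMD
    else
        echo "first-boot step already completed, nothing to do"
    fi
fi
```

Installed as `/etc/init.d/firstboot.sh` (or an equivalent unit) with `REBOOT_CMD=reboot`, the same image can be copied bit for bit onto every device and still end up with per-device material after one extra boot; the marker-last ordering is what makes the step safe to retry.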
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/