Re: [RFC PATCH] Randomization of address chosen by mmap.

From: Ilya Smith
Date: Sat Mar 03 2018 - 10:13:40 EST


> On 2 Mar 2018, at 23:48, Matthew Wilcox <willy@xxxxxxxxxxxxx> wrote:
> Ah, I didn't mean that. I was thinking that we can change the
> implementation to reserve 1-N pages after the end of the mapping.
> So you can't map anything else in there, and any load/store into that
> region will segfault.
>

Iâm afraid it still will allow many attacks. The formula for new address would
be like: address_next = address_prev - mmap_size - random(N) as you suggested.
To prevent brute-force attacks N should be big enough like more 2^32 for
example. This number 2^32 is just an example and right now I donât know the
exact value. What Iâm trying to say that address computation formula has
dependency on concrete predictable address. In my scheme even address_prev was
chose randomly.

Best regards,
Ilya