| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 16 Jul 2010 11:59:34 +0200 From: Mikael Pettersson <mikpe@...uu.se> To: Xianghua Xiao <xiaoxianghua@...il.com> Cc: linux-kernel@...r.kernel.org Subject: Re: anonymous mmap() and random heap allocation Xianghua Xiao writes: > It seems mmap() can not do random allocation for malloc()/heap on > Linux, anyone used pax's 'mmap randonness' option for that? what's the > price for that? > > I want to port openbsd's malloc() to linux to avoid heap > crashes(overrun/underrun), openbsd's malloc() can do random allocation > for security reasons, meanwhile it helps to avoid some > overrun/underrun crashes with no extra cost, the latter is what I'm > looking for. You can implement this in user-space with existing kernel features. 1: place guard pages around mmap():ed data 2: parse /proc/self/maps and mmap(MAP_FIXED) 3: use a "safe" compiler or a dynamic binary instrumenter 4: use x86 segments (ugh!) 5: use a safe programming language ... -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists