lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Wed, 16 Mar 2011 07:38:07 -0500
From:	Matt Mackall <mpm@...enic.com>
To:	Pekka Enberg <penberg@...nel.org>
Cc:	George Spelvin <linux@...izon.com>, penberg@...helsinki.fi,
	herbert@...dor.apana.org.au, linux-mm@...ck.org,
	linux-kernel@...r.kernel.org, Christoph Lameter <cl@...ux.com>,
	Dan Rosenberg <drosenberg@...curity.com>,
	Linus Torvalds <torvalds@...ux-foundation.org>
Subject: Re: [PATCH 0/8] mm/slub: Add SLUB_RANDOMIZE support

On Wed, 2011-03-16 at 08:23 +0200, Pekka Enberg wrote:
> Hi Matt,
> 
> On Sun, 2011-03-13 at 20:20 -0400, George Spelvin wrote:
> >> As a followup to the "[PATCH] Make /proc/slabinfo 0400" thread, this
> >> is a patch series to randomize the order of object allocations within
> >> a page.  It can be extended to SLAB and SLOB if desired.  Mostly it's
> >> for benchmarking and discussion.
> 
> On Wed, Mar 16, 2011 at 4:57 AM, Matt Mackall <mpm@...enic.com> wrote:
> > I've spent a while thinking about this over the past few weeks, and I
> > really don't think it's productive to try to randomize the allocators.
> > It provides negligible defense and just makes life harder for kernel
> > hackers.
> 
> If it's an optional feature and the impact on the code is low (as it
> seems to be), what's the downside?

We still haven't established an upside, so from where I'm sitting it's
all downside.

>  Combined with disabling SLUB's slab
> merging, randomization should definitely make it more difficult to
> have full control over a full slab.

Turning off slab merging will help for object types that use their own
slabs, kmalloced objects will still be vulnerable, independently of
randomization. Randomization won't prevent anything but the most naive
attack.

Again, we've already spent more time talking about this than it will
take for the exploit community to work around it.

> No, you can't but heap exploits like the one we discuss are slightly
> harder with SLOB anyway, no?

Only slightly, if at all.

-- 
Mathematics is the supreme nostalgia of our time.


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ