| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20050127172811.GD26997@devserv.devel.redhat.com> From: arjanv at redhat.com (Arjan van de Ven) Subject: "Advances in Security" in the Linux Kernel and RedHat idiocy On Thu, Jan 27, 2005 at 11:10:43AM -0500, Brad Spengler wrote: > Just wanted to point out to you guys the INCREDIBLE advances in Linux > security underway on LKML from security expert Arjan van de Ven: > > http://lkml.org/lkml/2005/1/27/62 > > On the subject of his i386-only mmap randomization patch: > > The randomisation range is 1 megabyte (this is bigger than the stack > randomisation since the stack randomisation only needs 16 bytes alignment > while the mmap needs page alignment, a 64kb range would not have given > enough entropy to be effective) > > If we do a little math.. > 1048576 / 4096 = 256 > 65536 / 16 = 4096 > > 256 different locations for the mmap base, 4096 different locations for > the stack (and apparently argv/envp pages get no randomization) > > Anyone with half a brain would see this is a joke, but not security > expert Arjan van de Ven: I think the joke is on you in this case. There is a large patch series of which you judge the first steps only. Those steps introduce the infrastructure and concepts into the kernel, and later patches will tweak the exact numbers to values with more entropy. ONCE THEY EXISTING INFRASTRUCTURE IS ACCEPTED AND DEBUGGED. Maybe you don't understand that, I assume a lot of the other readers of this list do. You don't plop a huge patch in the linux kernel in one chunk. You do it in nice small, incremental and debuggable steps.
Powered by blists - more mailing lists