Message-ID: <ee152267-744d-b619-4400-35e3ddbac16a@gmail.com>
Date: Wed, 13 Jan 2021 13:24:04 +0200
From: Topi Miettinen <toiwoton@...il.com>
To: linux-hardening@...r.kernel.org, akpm@...ux-foundation.org, linux-mm@...ck.org, linux-kernel@...r.kernel.org
Cc: Jann Horn <jannh@...gle.com>, Kees Cook <keescook@...omium.org>, Matthew Wilcox <willy@...radead.org>, Mike Rapoport <rppt@...nel.org>, Linux API <linux-api@...r.kernel.org>
Subject: Re: [PATCH v9] mm: Optional full ASLR for mmap(), mremap(), vdso, stack and heap

On 4.1.2021 17.53, Topi Miettinen wrote:
> Writing a new value of 3 to /proc/sys/kernel/randomize_va_space
> enables full randomization of memory mappings. With 2, the base of the
> VMA used for such mappings is random, but the mappings are created in
> predictable places within the VMA and in sequential order. With 3, new
> VMAs are created to fully randomize the mappings.
>
> Mappings created with mmap(NULL, ...) are randomized and mremap(...,
> MREMAP_MAYMOVE) will move the mappings even if not necessary. The
> locations of heap (memory allocated with brk()), stack and vdso are
> also randomized.

It seems that always moving the mappings in mremap() can expose bugs
where the callers don't actually expect the mappings to move, even
though MREMAP_MAYMOVE is specified (Debian libapt-pkg6.0):

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980037

Perhaps this part should be a separate option to avoid tripping such
bugs when compatibility is more important than improved ASLR and
debugging. The option could be also used without randomize_va_space==3.

How about something like sysctl.kernel.mremap_always_move,
sysctl.vm.mremap_always_move or CONFIG_MREMAP_ALWAYS_MOVE?

-Topi
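
The caller-side contract behind the bug class mentioned in the message above, as an added example that is not code from this thread, the patch, or libapt-pkg: a caller of mremap(..., MREMAP_MAYMOVE) has to adopt the returned address and keep interior positions as offsets. The names struct mbuf, mbuf_grow and demo_forced_move are hypothetical, and the move is forced on an ordinary kernel by blocking in-place growth with an adjacent mapped page.

```c
#define _GNU_SOURCE            /* for mremap() and MREMAP_MAYMOVE */
#include <stdint.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical growable buffer: positions are kept as offsets, not pointers. */
struct mbuf {
    unsigned char *base;   /* current start of the mapping */
    size_t len;            /* mapped length in bytes */
    size_t cursor;         /* offset of the record the caller is tracking */
};

/* Grow the mapping; the kernel is free to relocate it. */
static int mbuf_grow(struct mbuf *b, size_t new_len)
{
    void *p = mremap(b->base, b->len, new_len, MREMAP_MAYMOVE);
    if (p == MAP_FAILED)
        return -1;         /* old mapping is left untouched on failure */
    b->base = p;           /* always adopt the returned address */
    b->len = new_len;
    return 0;
}

/* Returns 1 if the mapping moved and the offset-based cursor still finds the
 * record, 0 if it did not move, -1 on error. */
int demo_forced_move(void)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    /* Two pages: the first is the buffer, the second blocks in-place growth. */
    unsigned char *region = mmap(NULL, 2 * page, PROT_READ | PROT_WRITE,
                                 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (region == MAP_FAILED)
        return -1;
    struct mbuf b = { region, page, 100 };
    memcpy(b.base + b.cursor, "record", 7);
    uintptr_t stale = (uintptr_t)(b.base + b.cursor); /* what a buggy caller caches */
    if (mbuf_grow(&b, 4 * page) != 0)
        return -1;
    int moved = (uintptr_t)(b.base + b.cursor) != stale;
    int intact = memcmp(b.base + b.cursor, "record", 7) == 0;
    munmap(b.base, b.len);
    munmap(region + page, page);   /* release the blocker page */
    return (moved && intact) ? 1 : (intact ? 0 : -1);
}

int main(void) { return demo_forced_move() == 1 ? 0 : 1; }
```

A caller that kept using the address saved in stale after the grow would be touching an unmapped page, which is the failure an always-move mremap() makes visible on every call instead of only occasionally.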