Message-ID: <Pine.LNX.4.64.0708240157430.5402@jikos.suse.cz>
Date:	Fri, 24 Aug 2007 02:09:59 +0200 (CEST)
From:	Jiri Kosina <jkosina@...e.cz>
To:	Andrew Morton <akpm@...ux-foundation.org>
Cc:	Zan Lynx <zlynx@....org>, linux-kernel@...r.kernel.org,
	Ingo Molnar <mingo@...e.hu>,
	Roland McGrath <roland@...hat.com>,
	Jakub Jelinek <jakub@...hat.com>, Kees Cook <kees@...flux.net>,
	Arjan van de Ven <arjan@...radead.org>
Subject: Re: 2.6.23-rc3-mm1 - memory layout change?  - lost support for
 MAP_32BIT? - mono crashes

(some more CCs added)

On Thu, 23 Aug 2007, Andrew Morton wrote:

> It is quite unobvious to me that the whole pie-randomization thing is 
> worth merging.  Why shouldn't we just drop the lot?

Hi Andrew,

well, whenever it comes to address space layout randomization, there 
usually follows a huge debate whether it is needed or not, some people 
think it's useful and powerful security protection against 0day attacks, 
other people think that it's just fighting the bugs in userspace software 
in a wrong way.

Opinions differ, that's why there is a way to turn the VA space 
randomization completely off trivially.

We already have randomized stack, randomized mmap base, randomized vdso 
page in mainline kernel, but code and heap still stay on deterministic 
addresses. I think providing the possibility for users to have really full 
address space randomization (if they want to) is much better than 
providing the current slightly crippled state, when some parts of address 
space are randomized and some are not. Or do you think we should rather 
rip all the randomization off?

And it's almost certain to me that users want this functionality - look 
at major distros. They seem to have out-of-tree patches to provide this 
functionality to their users, IMHO.

Thanks,

-- 
Jiri Kosina
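
The partial coverage described in the message above (stack, mmap base and vdso randomized, code and heap at fixed addresses) can be checked by comparing `/proc/<pid>/maps` from two runs of the same binary. This is an added example, not part of the original message or of any kernel patch; both snapshots, the path `/usr/bin/demo` and the function names are constructed for illustration.

```python
import re

# Constructed snapshots of /proc/<pid>/maps from two runs of one non-PIE binary.
RUN_A = """\
08048000-08052000 r-xp 00000000 08:01 1234 /usr/bin/demo
08052000-08053000 rw-p 0000a000 08:01 1234 /usr/bin/demo
08053000-08074000 rw-p 00000000 00:00 0 [heap]
b7d5e000-b7e9b000 r-xp 00000000 08:01 5678 /lib/libc.so.6
b7f1a000-b7f1b000 r-xp 00000000 00:00 0 [vdso]
bfc3b000-bfc50000 rw-p 00000000 00:00 0 [stack]
"""
RUN_B = """\
08048000-08052000 r-xp 00000000 08:01 1234 /usr/bin/demo
08052000-08053000 rw-p 0000a000 08:01 1234 /usr/bin/demo
08053000-08074000 rw-p 00000000 00:00 0 [heap]
b7e21000-b7f5e000 r-xp 00000000 08:01 5678 /lib/libc.so.6
b7fdd000-b7fde000 r-xp 00000000 00:00 0 [vdso]
bf8e6000-bf8fb000 rw-p 00000000 00:00 0 [stack]
"""

MAPS_LINE = re.compile(r"^([0-9a-f]+)-([0-9a-f]+)\s+(\S+)\s+\S+\s+\S+\s+\d+\s*(.*)$")

def region_bases(maps_text, exe):
    """Return {region: lowest start address} for one maps snapshot."""
    bases = {}
    for line in maps_text.splitlines():
        m = MAPS_LINE.match(line.strip())
        if not m:
            continue  # skip anything that is not a mapping line
        start, path = int(m.group(1), 16), m.group(4).strip()
        if path == exe:
            region = "code"            # the main executable image
        elif path in ("[heap]", "[stack]", "[vdso]"):
            region = path.strip("[]")
        elif path.startswith("/"):
            region = "mmap"            # file-backed mappings such as shared libraries
        else:
            continue                   # anonymous/other mappings are ignored here
        bases[region] = min(start, bases.get(region, start))
    return bases

def moved_between_runs(run_a, run_b, exe):
    """True for a region whose base differs between the two snapshots."""
    a, b = region_bases(run_a, exe), region_bases(run_b, exe)
    return {r: a[r] != b[r] for r in sorted(a.keys() & b.keys())}

if __name__ == "__main__":
    print(moved_between_runs(RUN_A, RUN_B, "/usr/bin/demo"))
```

Two runs only show that a region can move; a base that stays identical across many runs is the signal that the region is not being randomized.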