lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20080205173358.GG24331@elf.ucw.cz>
Date:	Tue, 5 Feb 2008 18:33:58 +0100
From:	Pavel Machek <pavel@....cz>
To:	Arjan van de Ven <arjan@...radead.org>
Cc:	Hugh Dickins <hugh@...itas.com>, Jiri Kosina <jkosina@...e.cz>,
	kernel list <linux-kernel@...r.kernel.org>,
	Ingo Molnar <mingo@...e.hu>,
	Abel Bernabeu <abel.bernabeu@...il.com>
Subject: Re: brk randomization breaks columns

On Tue 2008-02-05 08:58:41, Arjan van de Ven wrote:
> On Tue, 5 Feb 2008 16:46:48 +0100
> Pavel Machek <pavel@....cz> wrote:
> 
> > Hi!
> > 
> > > > In my usual dither, I'm rather hoping Arjan will have a clear
> > > > answer.
> > > 
> > > 
> > > setarch works. If the apps come in source form they need fixing
> > > anyway (since I'd not be surprised of current gcc reorders
> > > variables), if not.. we only have 2 cases, the other case was the
> > > build process of emacs (which got fixed 5 years ago).
> > 
> > uemacs ... broken with randomization
> > colums, sss ... local programs, broken with randomization
> > procinfo ... broken, randomization makes it die sooner.
> > mikmod ... broken with randomization
> > bsdsed ... broken with randomization
> > ...
> > Should I test few more?
> 
> ok throw that idea out of the window then
> 
> the combo of a config option + sysctl sounds the right way forward then ;(
> 
> Unless there's a way we can make sys_brk() detect this kind of behavior somehow...
> we could track per process if brk(0) was called, and if not, do something fancy to work around stuff?

That behaviour is indeed easy to detect. If someone does sys_brk()
with value lower than heap_start, it means it is old binary (but I'd
call that a hack).

But... older binaries call sys_personality(). Maybe it is cleaner not
to base check on that?
									Pavel
-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ