| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 6 Mar 2011 02:15:13 +0100 (CET) From: Jesper Juhl <jj@...osbits.net> To: Matt Mackall <mpm@...enic.com> cc: Dan Rosenberg <drosenberg@...curity.com>, Pekka Enberg <penberg@...nel.org>, Linus Torvalds <torvalds@...ux-foundation.org>, Dave Hansen <dave@...ux.vnet.ibm.com>, Theodore Tso <tytso@....edu>, cl@...ux-foundation.org, linux-mm@...ck.org, linux-kernel@...r.kernel.org, Ingo Molnar <mingo@...e.hu>, Andrew Morton <akpm@...ux-foundation.org> Subject: Re: [PATCH] Make /proc/slabinfo 0400 On Sat, 5 Mar 2011, Matt Mackall wrote: > On Sun, 2011-03-06 at 01:42 +0100, Jesper Juhl wrote: > > On Fri, 4 Mar 2011, Dan Rosenberg wrote: > > > > > On Fri, 2011-03-04 at 22:58 +0200, Pekka Enberg wrote: > > > > On Fri, Mar 4, 2011 at 10:37 PM, Dan Rosenberg <drosenberg@...curity.com> wrote: > > > > > This patch makes these techniques more difficult by making it hard to > > > > > know whether the last attacker-allocated object resides before a free or > > > > > allocated object. Especially with vulnerabilities that only allow one > > > > > attempt at exploitation before recovery is needed to avoid trashing too > > > > > much heap state and causing a crash, this could go a long way. I'd > > > > > still argue in favor of removing the ability to know how many objects > > > > > are used in a given slab, since randomizing objects doesn't help if you > > > > > know every object is allocated. > > > > > > > > So if the attacker knows every object is allocated, how does that help > > > > if we're randomizing the initial freelist? > > > > > > If you know you've got a slab completely full of your objects, then it > > > doesn't matter that they happened to be allocated in a random fashion - > > > they're still all allocated, and by freeing one of them and > > > reallocating, you'll still be next to your target. > > > > > > > But still, if randomizing allocations makes life just a little harder for > > attackers in some scenarios, why not just do it? > > Lemme guess, you work for the TSA? > No. And now I actually feel slightly insulted. > As far as I can tell neither of the patches under discussion do anything > that couldn't be worked around by an exploit writer in the time it takes > to write this email. And the second attacker, of course, will have even > less trouble. > > Putting trivial obstacles in the way of attackers accomplishes little > beyond annoying users. > If we annoy users I agree we shouldn't. If we don't annoy users (and don't impact performance in any relevant way) then even trivial obstacles that stop just a few exploits are worth it IMHO. -- Jesper Juhl <jj@...osbits.net> http://www.chaosbits.net/ Plain text mails only, please. Don't top-post http://www.catb.org/~esr/jargon/html/T/top-post.html -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists