[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20110526204030.GL29496@redhat.com>
Date: Thu, 26 May 2011 16:40:30 -0400
From: Vivek Goyal <vgoyal@...hat.com>
To: Dan Rosenberg <drosenberg@...curity.com>
Cc: Dan Rosenberg <drosenberg@...curity.com>,
Tony Luck <tony.luck@...il.com>, linux-kernel@...r.kernel.org,
davej@...hat.com, kees.cook@...onical.com, davem@...emloft.net,
eranian@...gle.com, torvalds@...ux-foundation.org,
adobriyan@...il.com, penberg@...nel.org, hpa@...or.com,
Arjan van de Ven <arjan@...radead.org>,
Andrew Morton <akpm@...ux-foundation.org>,
Valdis.Kletnieks@...edu, Ingo Molnar <mingo@...e.hu>,
pageexec@...email.hu
Subject: Re: [RFC][PATCH] Randomize kernel base address on boot
On Thu, May 26, 2011 at 04:35:02PM -0400, Vivek Goyal wrote:
> On Tue, May 24, 2011 at 04:31:45PM -0400, Dan Rosenberg wrote:
> > This introduces CONFIG_RANDOMIZE_BASE, which randomizes the address at
> > which the kernel is decompressed at boot as a security feature that
> > deters exploit attempts relying on knowledge of the location of kernel
> > internals. The default values of the kptr_restrict and dmesg_restrict
> > sysctls are set to (1) when this is enabled, since hiding kernel
> > pointers is necessary to preserve the secrecy of the randomized base
> > address.
>
> What happens to /proc/iomem interface which gives us the physical memory
> location where kernel is loaded. kexec-tools relies on that interface
> heavily so we can not take it away. And if we can not take it away then
> I think somebody should be easibly be able to calculate this randomized
> base address.
Resending this mail as in last message I got the email address of Dan
wrong and mail bounced. Sorry about that.
Thanks
Vivek
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists