| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 27 May 2011 12:11:13 -0400 From: Dan Rosenberg <drosenberg@...curity.com> To: Linus Torvalds <torvalds@...ux-foundation.org> Cc: "Rafael J. Wysocki" <rjw@...k.pl>, Tony Luck <tony.luck@...il.com>, linux-kernel@...r.kernel.org, davej@...hat.com, kees.cook@...onical.com, davem@...emloft.net, eranian@...gle.com, adobriyan@...il.com, penberg@...nel.org, hpa@...or.com, Arjan van de Ven <arjan@...radead.org>, Andrew Morton <akpm@...ux-foundation.org>, Valdis.Kletnieks@...edu, Ingo Molnar <mingo@...e.hu>, pageexec@...email.hu Subject: Re: [RFC][PATCH] Randomize kernel base address on boot On Fri, 2011-05-27 at 08:42 -0700, Linus Torvalds wrote: > On Thu, May 26, 2011 at 3:18 PM, Rafael J. Wysocki <rjw@...k.pl> wrote: > > > > Well, as far as I can tell, this feature is going to break hibernation on > > both x86_32 and x86_64 at the moment, unless you can guarantee that the > > randomized kernel location will be the same for both the boot and the target > > kernels. > > You know what? Maybe that guarantee is actually the *right* thing to do.. > > In other words, maybe we really really shouldn't randomize the kernel > load address at boot time at all. > > Instead, what would be much better, is if we just had some way to > re-link distro kernels with some random text offset. Sure, the load > address wouldn't be "random" in any local sense any more, but I think > the real effort here was to avoid having the common distro kernels > having known text addresses. > > If you compile your own kernel version, you're already home free, and > load-time randomization is pointless. > > And load-time randomization has all these nasty problems with memory > maps etc, because we obviously have to shift the whole kernel around > by some fixed offset. But if there was some way to just re-link the > distro kernel easily, then it could be done by the kernel install > scripts, and it could potentially do more than just "shift up load > address by some random number". > > Hmm? > > Linus You know what...I'm surprised that I'm saying this, but given the number of non-trivial challenges that still need to be solved in order to implement load-time randomization, maybe this would be a better way forward. We'd still need to go through the same effort to hide information about kernel text offsets, and we'd still need to do per-cpu IDTs, but neither of those items are as challenging as some of the other problems. I'm not ready to take load-time randomization off the table, but I'd certainly like to hear more discussion on this. There are clearly advantages to load-time randomization that this new option wouldn't have, but the question is really "is what we gain worth the effort?". Thanks, Dan -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists