| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 27 May 2011 10:06:42 -0700 From: "H. Peter Anvin" <hpa@...or.com> To: Ingo Molnar <mingo@...e.hu> CC: Linus Torvalds <torvalds@...ux-foundation.org>, "Rafael J. Wysocki" <rjw@...k.pl>, Dan Rosenberg <drosenberg@...curity.com>, Tony Luck <tony.luck@...il.com>, linux-kernel@...r.kernel.org, davej@...hat.com, kees.cook@...onical.com, davem@...emloft.net, eranian@...gle.com, adobriyan@...il.com, penberg@...nel.org, Arjan van de Ven <arjan@...radead.org>, Andrew Morton <akpm@...ux-foundation.org>, Valdis.Kletnieks@...edu, pageexec@...email.hu Subject: Re: [RFC][PATCH] Randomize kernel base address on boot On 05/27/2011 10:00 AM, Ingo Molnar wrote: > > The problem with your relinking solution is that a local attacker can > easily figure out where the kernel is. So this does not protect > against the more common break-in scenario. > There is another issue with it: it doesn't actually solve the real problem other than suspend/resume, which is that the relocation agent needs to understand what the memory space looks like at the time of boot. I think something else we will need for this to be possible is initramfs decoding directly from highmem, since the hack we're currently using to deal with an initramfs/initrd located partly in highmem will break. -hpa -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists