| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 27 May 2011 15:15:00 -0400 From: Vivek Goyal <vgoyal@...hat.com> To: Linus Torvalds <torvalds@...ux-foundation.org> Cc: "H. Peter Anvin" <hpa@...or.com>, Ingo Molnar <mingo@...e.hu>, Dan Rosenberg <drosenberg@...curity.com>, "Rafael J. Wysocki" <rjw@...k.pl>, Tony Luck <tony.luck@...il.com>, linux-kernel@...r.kernel.org, davej@...hat.com, kees.cook@...onical.com, davem@...emloft.net, eranian@...gle.com, adobriyan@...il.com, penberg@...nel.org, Arjan van de Ven <arjan@...radead.org>, Andrew Morton <akpm@...ux-foundation.org>, Valdis.Kletnieks@...edu, pageexec@...email.hu Subject: Re: [RFC][PATCH] Randomize kernel base address on boot On Fri, May 27, 2011 at 11:05:07AM -0700, Linus Torvalds wrote: > On Fri, May 27, 2011 at 10:53 AM, H. Peter Anvin <hpa@...or.com> wrote: > > > > That doesn't solve any problems with the memory map. > > Actually, it does. > > You can load the kernel at the same virtual address we always load it, > and/or perhaps shift it up by just small amounts (ie "single pages" > rather than "ten bits worth of pages") > > And then rely on the fact that you mixed up symbols in other ways. > > "Look ma, no need to worry about memory map". At least no more than we do now. > > Put another way: think about our /proc/iomem right now: > > 00100000-bdc6ffff : System RAM > 01000000-016bdced : Kernel code > 016bdcee-01ca8b7f : Kernel data > 01d36000-01de2fff : Kernel bss > > with the "shift kernel up at load-time", the above information is > suddenly very scary, because the "Kernel code" part is magically > important. > > In contrast, if your randomization depends on just relinking things a > bit differently, you don't really give out any of the random > information in /proc/iomem. Nor does it affect the load address and > the e820 memory map. > > And, in fact, it does give you way more bits of randomness to play > around with the text addresses. I am wondering what happens to crash analysis tools if per system virtual addresses are shifted by some offset. I guess tools like "crash" can adjust to this by looking at vmcore ELF headers but I think gdb does not expect change of virtual addresses. That would essentially mean that apart from vmcore one shall have to store the vmlinux file also from the system crashed. Currently we don't have to save vmlinux. In fact for analysis we can install distro provided debug compiled vmlinux later and just need to get the vmcore file from crashed system and do the analysis. So IIUC, with above model, I guess "crash" should be able to adjust to it quickly but gdb will have issues. Thanks Vivek -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists