lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20110601061843.GA27671@elte.hu>
Date:	Wed, 1 Jun 2011 08:18:43 +0200
From:	Ingo Molnar <mingo@...e.hu>
To:	"H. Peter Anvin" <hpa@...or.com>
Cc:	Dan Rosenberg <drosenberg@...curity.com>,
	Matthew Garrett <mjg@...hat.com>,
	Tony Luck <tony.luck@...il.com>, linux-kernel@...r.kernel.org,
	kees.cook@...onical.com, davej@...hat.com,
	torvalds@...ux-foundation.org, adobriyan@...il.com,
	eranian@...gle.com, penberg@...nel.org, davem@...emloft.net,
	Arjan van de Ven <arjan@...radead.org>,
	Valdis.Kletnieks@...edu, Andrew Morton <akpm@...ux-foundation.org>,
	pageexec@...email.hu, Vivek Goyal <vgoyal@...hat.com>
Subject: Re: [RFC][PATCH] Randomize kernel base address on boot


* H. Peter Anvin <hpa@...or.com> wrote:

> On 05/31/2011 01:27 PM, Ingo Molnar wrote:
> > 
> >> Other than that, Ingo's idea at least have the merit that it would 
> >> break only older bootloaders doing things wrong.
> > 
> > I'm wondering, why would it break older bootloaders? It's just a 
> > slightly larger than usual kernel image, nothing is visible to the 
> > bootloader.
> > 
> 
> Older boot loaders did not know how big the kernel image was, 
> therefore had no way to avoid memory space collision.  That is 
> fixed in boot protocol 2.10.

But i loaded really large kernel images way back 10 years ago on 
various systems and never had any problems until the default 
allyesconfig hit a ~40 MB kernel image size limit ;-)

(which limit was in the kernel, not in the bootloader)

So yes, a large kernel image "can" be an issue with old bootloaders 
in some situations on weird machines but we don't really "break" them 
via randomization, they were broken and fragile in some situations to 
begin with.

It's fixed in any distro that cares and which would use our (not even 
released) kernel that might one day have randomization.

Is that a fair summary of the bootloader situation?

Thanks,

	Ingo
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ