lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 05 Apr 2013 11:15:18 -0700 From: "H. Peter Anvin" <hpa@...or.com> To: Ingo Molnar <mingo@...nel.org> CC: Kees Cook <keescook@...omium.org>, linux-kernel@...r.kernel.org, kernel-hardening@...ts.openwall.com, Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>, x86@...nel.org, Jarkko Sakkinen <jarkko.sakkinen@...el.com>, Matthew Garrett <mjg@...hat.com>, Matt Fleming <matt.fleming@...el.com>, Eric Northup <digitaleric@...gle.com>, Dan Rosenberg <drosenberg@...curity.com>, Julien Tinnes <jln@...gle.com>, Will Drewry <wad@...omium.org>, Linus Torvalds <torvalds@...ux-foundation.org> Subject: Re: [PATCH 1/3] x86: routines to choose random kernel base offset On 04/05/2013 12:36 AM, Ingo Molnar wrote: > > * Ingo Molnar <mingo@...nel.org> wrote: > >> >> * Kees Cook <keescook@...omium.org> wrote: >> >>> This provides routines for selecting a randomized kernel base offset, >>> bounded by e820 details. It tries to use RDRAND and falls back to RDTSC. >>> If "noaslr" is on the kernel command line, no offset will be used. >> >> Would it make sense to also add three other sources of entropy: > > In any case, would it be possible to also mix these bootup sources of > entropy into our regular random pool? > > That would improve random pool entropy on all Linux systems, not just > those that choose to enable kernel-base-address randomization. > I think we already do at least some of these, but at this point, for any non-RDRAND-capable hardware we could almost certainly do better for any definition of anything at all. RDRAND is obviously the ultimate solution here. -hpa -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists