lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 11 Mar 2016 09:51:08 +0100 From: Ingo Molnar <mingo@...nel.org> To: Hector Marco-Gisbert <hecmargi@....es> Cc: linux-kernel@...r.kernel.org, akpm@...ux-foundation.org, Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>, "H. Peter Anvin" <hpa@...or.com>, x86@...nel.org, kees Cook <keescook@...omium.org>, Ismael Ripoll Ripoll <iripoll@....es> Subject: Re: [PATCH] x86: Enable full randomization on i386 and X86_32. * Hector Marco-Gisbert <hecmargi@....es> wrote: > Currently on i386 and on X86_64 when emulating X86_32 in legacy mode, only > the stack and the executable are randomized but not other mmapped files > (libraries, vDSO, etc.). This patch enables randomization for the > libraries, vDSO and mmap requests on i386 and in X86_32 in legacy mode. > > By default on i386 there are 8 bits for the randomization of the libraries, > vDSO and mmaps which only uses 1MB of VA. > > This patch preserves the original randomness, using 1MB of VA out of 3GB or > 4GB. We think that 1MB out of 3GB is not a big cost for having the ASLR. > > The first obvious security benefit is that all objects are randomized (not > only the stack and the executable) in legacy mode which highly increases > the ASLR effectiveness, otherwise the attackers may use these > non-randomized areas. But also sensitive setuid/setgid applications are > more secure because currently, attackers can disable the randomization of > these applications by setting the ulimit stack to "unlimited". This is a > very old and widely known trick to disable the ASLR in i386 which has been > allowed for too long. > > Another trick used to disable the ASLR was to set the ADDR_NO_RANDOMIZE > personality flag, but fortunately this doesn't work on setuid/setgid > applications because there is security checks which clear Security-relevant > flags. > > This patch always randomizes the mmap_legacy_base address, removing the > possibility to disable the ASLR by setting the stack to "unlimited". > > > Signed-off-by: Hector Marco-Gisbert <hecmargi@....es> > Signed-off-by: Ismael Ripoll Ripoll <iripoll@....es> This signoff line is not valid (primary author is first SOB line, patch submitted is last SOB line), I've changed the second Signed-off-by to an Acked-by. Thanks, Ingo
Powered by blists - more mailing lists