lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 22 Mar 2018 13:57:29 -0700
From:   Andrew Morton <akpm@...ux-foundation.org>
To:     Ilya Smith <blackzert@...il.com>
Cc:     rth@...ddle.net, ink@...assic.park.msu.ru, mattst88@...il.com,
        vgupta@...opsys.com, linux@...linux.org.uk, tony.luck@...el.com,
        fenghua.yu@...el.com, jhogan@...nel.org, ralf@...ux-mips.org,
        jejb@...isc-linux.org, deller@....de, benh@...nel.crashing.org,
        paulus@...ba.org, mpe@...erman.id.au, schwidefsky@...ibm.com,
        heiko.carstens@...ibm.com, ysato@...rs.sourceforge.jp,
        dalias@...c.org, davem@...emloft.net, tglx@...utronix.de,
        mingo@...hat.com, hpa@...or.com, x86@...nel.org,
        nyc@...omorphy.com, viro@...iv.linux.org.uk, arnd@...db.de,
        gregkh@...uxfoundation.org, deepa.kernel@...il.com,
        mhocko@...e.com, hughd@...gle.com, kstewart@...uxfoundation.org,
        pombredanne@...b.com, steve.capper@....com, punit.agrawal@....com,
        paul.burton@...s.com, aneesh.kumar@...ux.vnet.ibm.com,
        npiggin@...il.com, keescook@...omium.org, bhsharma@...hat.com,
        riel@...hat.com, nitin.m.gupta@...cle.com,
        kirill.shutemov@...ux.intel.com, dan.j.williams@...el.com,
        jack@...e.cz, ross.zwisler@...ux.intel.com, jglisse@...hat.com,
        willy@...radead.org, aarcange@...hat.com, oleg@...hat.com,
        linux-alpha@...r.kernel.org, linux-kernel@...r.kernel.org,
        linux-snps-arc@...ts.infradead.org,
        linux-arm-kernel@...ts.infradead.org, linux-ia64@...r.kernel.org,
        linux-metag@...r.kernel.org, linux-mips@...ux-mips.org,
        linux-parisc@...r.kernel.org, linuxppc-dev@...ts.ozlabs.org,
        linux-s390@...r.kernel.org, linux-sh@...r.kernel.org,
        sparclinux@...r.kernel.org, linux-mm@...ck.org
Subject: Re: [RFC PATCH v2 0/2] Randomization of address chosen by mmap.

On Thu, 22 Mar 2018 19:36:36 +0300 Ilya Smith <blackzert@...il.com> wrote:

> Current implementation doesn't randomize address returned by mmap.
> All the entropy ends with choosing mmap_base_addr at the process
> creation. After that mmap build very predictable layout of address
> space. It allows to bypass ASLR in many cases.

Perhaps some more effort on the problem description would help.  *Are*
people predicting layouts at present?  What problems does this cause? 
How are they doing this and are there other approaches to solving the
problem?

Mainly: what value does this patchset have to our users?  This reader
is unable to determine that from the information which you have
provided.  Full details, please.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ