lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 28 Mar 2018 21:48:22 +0300
From:   Ilya Smith <blackzert@...il.com>
To:     "Theodore Y. Ts'o" <tytso@....edu>
Cc:     Michal Hocko <mhocko@...nel.org>,
        Matthew Wilcox <willy@...radead.org>, rth@...ddle.net,
        ink@...assic.park.msu.ru, mattst88@...il.com, vgupta@...opsys.com,
        linux@...linux.org.uk, tony.luck@...el.com, fenghua.yu@...el.com,
        ralf@...ux-mips.org, jejb@...isc-linux.org,
        Helge Deller <deller@....de>, benh@...nel.crashing.org,
        paulus@...ba.org, mpe@...erman.id.au, schwidefsky@...ibm.com,
        heiko.carstens@...ibm.com, ysato@...rs.sourceforge.jp,
        dalias@...c.org, davem@...emloft.net, tglx@...utronix.de,
        mingo@...hat.com, hpa@...or.com, x86@...nel.org,
        nyc@...omorphy.com, viro@...iv.linux.org.uk, arnd@...db.de,
        gregkh@...uxfoundation.org, deepa.kernel@...il.com,
        Hugh Dickins <hughd@...gle.com>, kstewart@...uxfoundation.org,
        pombredanne@...b.com, Andrew Morton <akpm@...ux-foundation.org>,
        steve.capper@....com, punit.agrawal@....com,
        aneesh.kumar@...ux.vnet.ibm.com, npiggin@...il.com,
        Kees Cook <keescook@...omium.org>, bhsharma@...hat.com,
        riel@...hat.com, nitin.m.gupta@...cle.com,
        "Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>,
        Dan Williams <dan.j.williams@...el.com>,
        Jan Kara <jack@...e.cz>, ross.zwisler@...ux.intel.com,
        Jerome Glisse <jglisse@...hat.com>,
        Andrea Arcangeli <aarcange@...hat.com>,
        Oleg Nesterov <oleg@...hat.com>, linux-alpha@...r.kernel.org,
        LKML <linux-kernel@...r.kernel.org>,
        linux-snps-arc@...ts.infradead.org, linux-ia64@...r.kernel.org,
        linux-metag@...r.kernel.org, linux-mips@...ux-mips.org,
        linux-parisc@...r.kernel.org, linuxppc-dev@...ts.ozlabs.org,
        linux-s390@...r.kernel.org, linux-sh@...r.kernel.org,
        sparclinux@...r.kernel.org, Linux-MM <linux-mm@...ck.org>
Subject: Re: [RFC PATCH v2 0/2] Randomization of address chosen by mmap.

> On 28 Mar 2018, at 01:16, Theodore Y. Ts'o <tytso@....edu> wrote:
> 
> On Tue, Mar 27, 2018 at 04:51:08PM +0300, Ilya Smith wrote:
>>> /dev/[u]random is not sufficient?
>> 
>> Using /dev/[u]random makes 3 syscalls - open, read, close. This is a performance
>> issue.
> 
> You may want to take a look at the getrandom(2) system call, which is
> the recommended way getting secure random numbers from the kernel.
> 
>>> Well, I am pretty sure userspace can implement proper free ranges
>>> tracking…
>> 
>> I think we need to know what libc developers will say on implementing ASLR in 
>> user-mode. I am pretty sure they will say ‘nether’ or ‘some-day’. And problem 
>> of ASLR will stay forever.
> 
> Why can't you send patches to the libc developers?
> 
> Regards,
> 
> 						- Ted

I still believe the issue is on kernel side, not in library.

Best regards,
Ilya

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ