Message-ID: <202009251301.A1FD183582@keescook>
Date: Fri, 25 Sep 2020 13:26:38 -0700
From: Kees Cook <keescook@...omium.org>
To: Pintu Agarwal <pintu.ping@...il.com>
Cc: open list <linux-kernel@...r.kernel.org>,
Kernelnewbies <kernelnewbies@...nelnewbies.org>,
"moderated list:ARM/FREESCALE IMX / MXC ARM ARCHITECTURE"
<linux-arm-kernel@...ts.infradead.org>,
Russell King - ARM Linux <linux@...linux.org.uk>,
ard.biesheuvel@...aro.org, arnd@...db.de, nico@...aro.org,
thgarnie@...gle.com, marc.zyngier@....com,
Mark Rutland <mark.rutland@....com>, tony@...mide.com,
matt@...eblueprint.co.uk, dave.martin@....com
Subject: Re: KASLR support on ARM with Kernel 4.9 and 4.14
On Fri, Sep 25, 2020 at 08:33:59PM +0530, Pintu Agarwal wrote:
> This is regarding the KASLR feature support on ARM for the kernel
> version 4.9 and 4.14.
>
> Is KASLR supported on ARM-32 Linux 4.9 and above?
Sorry, this feature did not yet land in upstream:
https://github.com/KSPP/linux/issues/3
Here was the earlier effort:
https://lore.kernel.org/kernel-hardening/20170814125411.22604-1-ard.biesheuvel@linaro.org/
> Is it dependent on CONFIG_RANDOMIZE_BASE or
CONFIG_RANDOMIZE_BASE is what is used on other architectures to control
the feature.
> /proc/sys/kernel/randomize_va_space ?
> Is there any relation between these two?
No, the latter is about userspace addresses.
> Is the changing of kernel symbols (in every boot) only possible if KASLR
> is enabled, or is there another way it can happen?
I think you meant kernel symbol addresses (not the symbols themselves).
But yes, I wouldn't expect the addresses to move if you didn't either
rebuild the kernel or had something else moving the kernel at boot (i.e.
the boot loader).
> I have these queries because, in one of the arm-32 devices with Kernel
> 4.14, I observed that CONFIG_RANDOMIZE_BASE is not available.
> But /proc/sys/kernel/randomize_va_space is set to 2.
> However, I also observed that symbol addresses are changing in every boot.
>
> 1st boot cycle:
> [root ~]# cat /proc/kallsyms | grep "sys_open"
> a5b4de92 T sys_open
> [root@...15m ~]#
>
> 2nd boot cycle:
> [root ~]# cat /proc/kallsyms | grep "sys_open"
> f546ed66 T sys_open
>
> So, I am wondering how this is possible without KASLR
> (CONFIG_RANDOMIZE_BASE) support in the kernel?
What device is this? Is it a stock kernel?
> Similarly, with Kernel 4.9, CONFIG_RANDOMIZE_BASE is not available
> but /proc/sys/kernel/randomize_va_space is set to 2.
> But here, the addresses are remaining the same.
>
> 1st Run:
> [root~]# cat /proc/kallsyms | grep "sys_open"
> c01ed68c T sys_open
> [root ~]#
>
> *** reboot ***
> [root ~]# cat /proc/kallsyms | grep "sys_open"
> c01ed68c T sys_open
>
>
> Is there any other difference between these two kernel versions with
> respect to changing symbol addresses?
Is the boot loader changing the base address? (What boot loader are you
using?)
--
Kees Cook
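Added example (not part of this thread, and not code from either poster): the question of whether the kernel was rebuilt or merely placed at a different base can be settled from two /proc/kallsyms snapshots. If every common symbol moved by the same offset, the whole image was relocated (what KASLR or a relocating boot loader would do); if the distances between symbols changed, it is a different build. The sys_open addresses below are the ones quoted in the mail; the neighbouring symbols, the module line and the snapshot names are constructed so the layout check has more than one symbol to compare. All-zero addresses, which kptr_restrict produces for readers without the right privilege, are reported separately rather than treated as a move.

```python
"""Compare /proc/kallsyms snapshots from two boots to tell a relocated
kernel image from a rebuilt one (example code written for this thread)."""
import re
from typing import Dict, Optional, Tuple

# One kallsyms line: "<hex addr> <type> <name> [module]" (module part optional).
KALLSYMS_LINE = re.compile(r"^([0-9a-fA-F]+)\s+(\S)\s+(\S+)(?:\s+\[(\S+)\])?$")

# Constructed snapshots. sys_open values are the ones quoted in the mail;
# sys_close, local_helper and the module line are made up for illustration.
BOOT1_414 = """\
a5b4de92 T sys_open
a5b4df10 T sys_close
a5b4e000 t local_helper
00000000 t some_mod_fn\t[constructed_mod]
"""
BOOT2_414 = """\
f546ed66 T sys_open
f546ede4 T sys_close
f546eed4 t local_helper
"""
BOOT_49 = """\
c01ed68c T sys_open
c01ed700 T sys_close
c01ee000 t local_helper
"""
HIDDEN = """\
00000000 T sys_open
00000000 T sys_close
"""


def parse_kallsyms(text: str) -> Dict[str, int]:
    """Map symbol name -> address for built-in symbols; module symbols are
    skipped because modules are loaded wherever vmalloc space is free."""
    syms: Dict[str, int] = {}
    for line in text.splitlines():
        m = KALLSYMS_LINE.match(line.strip())
        if not m:
            continue
        addr, _type, name, module = m.groups()
        if module:
            continue
        syms[name] = int(addr, 16)
    return syms


def classify(before: Dict[str, int], after: Dict[str, int],
             bits: int = 32) -> Tuple[str, Optional[int]]:
    """Return (verdict, delta). Verdicts:
    unchanged  - same addresses (no KASLR and nothing moved the image)
    shifted    - every symbol moved by one constant (image relocated at boot)
    relaid-out - inter-symbol distances changed (different kernel build)
    hidden     - addresses are all zero (kptr_restrict / missing privilege)
    """
    mask = (1 << bits) - 1
    common = set(before) & set(after)
    if not common:
        return "no-overlap", None
    if all(before[s] == 0 for s in common) or all(after[s] == 0 for s in common):
        return "hidden", None
    # Modular subtraction keeps the delta positive for a 32-bit wraparound.
    deltas = {(after[s] - before[s]) & mask for s in common}
    if deltas == {0}:
        return "unchanged", 0
    if len(deltas) == 1:
        return "shifted", deltas.pop()
    return "relaid-out", None


if __name__ == "__main__":
    cases = [("4.14 boot 1 vs boot 2", BOOT1_414, BOOT2_414),
             ("4.14 vs 4.9 build", BOOT1_414, BOOT_49),
             ("4.14 vs hidden addresses", BOOT1_414, HIDDEN)]
    for label, a, b in cases:
        verdict, delta = classify(parse_kallsyms(a), parse_kallsyms(b))
        extra = f" by 0x{delta:08x}" if delta else ""
        print(f"{label}: {verdict}{extra}")
```

On a live box, save `cat /proc/kallsyms` (as root, or with kptr_restrict lowered) after each boot and feed the two files to parse_kallsyms; the "shifted" verdict is what a boot loader that moves the image would produce, while "relaid-out" means the images are not the same build and the comparison says nothing about randomisation.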