Re: [PATCH] Make /proc/slabinfo 0400

From: Pekka Enberg
Date: Fri Mar 04 2011 - 15:58:31 EST


On Fri, Mar 4, 2011 at 10:37 PM, Dan Rosenberg <drosenberg@xxxxxxxxxxxxx> wrote:
> This patch makes these techniques more difficult by making it hard to
> know whether the last attacker-allocated object resides before a free or
> allocated object.  Especially with vulnerabilities that only allow one
> attempt at exploitation before recovery is needed to avoid trashing too
> much heap state and causing a crash, this could go a long way.  I'd
> still argue in favor of removing the ability to know how many objects
> are used in a given slab, since randomizing objects doesn't help if you
> know every object is allocated.

So if the attacker knows every object is allocated, how does that help
if we're randomizing the initial freelist?