Re: [RFC][PATCH] linux-2.6.2-rc2_vsyscall-gtod_B1.patch

From: Jamie Lokier
Date: Tue Feb 03 2004 - 23:22:44 EST


Andi Kleen wrote:
> Executables are at fixed addresses.

No, they are not.

Look up PIE - Position Independent Executable.

That's the point: on a hardened system _all_ objects, executable and
libraries, are mapped at randomised addresses. Therefore the simple
overwrite-return-address exploit is no longer reliable and tends to
crash the program.

That's what this desire for randomised VDSO address is all about. The
executable and all the libraries are at random addresses in
security-hardened PIE systems.

(Actually even when executables are at fixed addresses, they can be
mapped at an address which is harder to exploit because the address
contains a zero byte - something which is harder to get into a buffer
overflow - but only a little harder).

[ Ulrich: I see randomised prelinking with PIE mentioned, to give
per-box random addresses instead of per process. I guess I wasn't far
wrong in suggesting prelinked random VDSO positions :) ]

If you are not running PIE and randomised executable and library
positions, then I agree there is nothing to gain from varying the VDSO
position, and it is a slight performance loss so should be disabled.

-- Jamie
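Added example, not part of the original message or of the patch under discussion: a small C check that compares two `/proc/<pid>/maps` snapshots of the same program and reports which mappings sit at the same address in both runs, which is the fixed-VDSO-on-a-randomised-system case the message is about. The snapshots, the binary name `demo` and all addresses are constructed sample data.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed /proc/<pid>/maps excerpts: two runs of a hypothetical PIE
 * binary "demo" on a system that randomises everything except the vDSO. */
static const char RUN1[] =
    "56555000-56557000 r-xp 00000000 08:01 1234 /usr/bin/demo\n"
    "f7d8a000-f7f5c000 r-xp 00000000 08:01 5678 /lib/libc.so.6\n"
    "ffffe000-fffff000 r-xp 00000000 00:00 0 [vdso]\n";
static const char RUN2[] =
    "5660b000-5660d000 r-xp 00000000 08:01 1234 /usr/bin/demo\n"
    "f7ce1000-f7eb3000 r-xp 00000000 08:01 5678 /lib/libc.so.6\n"
    "ffffe000-fffff000 r-xp 00000000 00:00 0 [vdso]\n";

/* Start address of the first mapping whose line contains `name`, or 0. */
static uint64_t map_base(const char *maps, const char *name)
{
    for (const char *line = maps; *line; ) {
        const char *eol = strchr(line, '\n');
        const char *next = eol ? eol + 1 : line + strlen(line);
        size_t len = eol ? (size_t)(eol - line) : strlen(line);
        char buf[256];
        if (len >= sizeof buf)
            len = sizeof buf - 1;
        memcpy(buf, line, len);
        buf[len] = '\0';
        if (strstr(buf, name))
            return strtoull(buf, NULL, 16);  /* parse stops at the '-' */
        line = next;
    }
    return 0;
}

/* 1 if `name` is mapped at the same address in both snapshots. */
static int is_fixed(const char *a, const char *b, const char *name)
{
    uint64_t base = map_base(a, name);
    return base != 0 && base == map_base(b, name);
}

int main(void)
{
    const char *names[] = { "/usr/bin/demo", "libc", "[vdso]" };
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++)
        printf("%-14s %s\n", names[i],
               is_fixed(RUN1, RUN2, names[i]) ? "FIXED across runs" : "randomised");
    return 0;
}
```

On a real system the two snapshots would come from reading `/proc/<pid>/maps` for two separate runs of the same binary.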