Re: How to enable/disable security features on mmap() ?

From: Emmanuel Fleury
Date: Thu Dec 08 2005 - 10:30:29 EST


linux-os (Dick Johnson) wrote:
>
> In reference to the random-stack patch....
>
> Executing the following program on linux-2.6.13.4:
>
> #include <stdio.h>
>
> int main()
> {
>     int foo;
>     printf("%p\n", &foo);
>     return 0;
> }
>
> ... a few thousand times and sorting its output shows
> the stack varies from:
> 0xbf7fe144 -> 0xbffff674
>
> Isn't this too much? I thought the random-stack patch was
> only supposed to vary it a page or 64k at most. This looks
> like some broken logic because it varies almost 8 megabytes!
> No wonder some of my user's database programs sometimes seg-fault
> and other times work perfectly fine. I think this is incorrect
> and shows a serious bug (misbehavior).

Well, there is some other strangeness (especially when running on an
x86_64 architecture). See:

http://dept-info.labri.fr/~fleury/LS05/download/papers/notes_on_ASLR.txt

The ASLR should take advantage of the 64-bit-wide address pointers but
doesn't. It behaves as on a 32-bit architecture. I didn't find out why
(there must be a good reason, though, but I'm just puzzled).

Moreover, the libc location (and all other dynamic libs) is not
randomized under x86_64. I have no explanation for this. :-/

Regards
--
Emmanuel Fleury

I worry about my child and the Internet all the time, even though
she's too young to have logged on yet. Here's what I worry about.
I worry that 10 or 15 years from now, she will come to me and say
'Daddy, where were you when they took freedom of the press away
from the Internet?'.
-- Mike Godwin
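
The measurement described in the quoted message, as an added example that is not part of the original thread: the program re-executes itself, collects the address of a stack variable from each run, and reports the span and how many address bits ever changed. The names `summarize`, `count_bits`, `sample_once`, the `--probe` argument, the run count of 2000 and the use of `/proc/self/exe` (Linux only) are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

struct aslr_stats { uintptr_t min, max, varying; };  /* varying: mask of bits that differed */
static struct aslr_stats summarize(const uintptr_t *a, size_t n) {
    struct aslr_stats s = { a[0], a[0], 0 };
    for (size_t i = 1; i < n; i++) {
        if (a[i] < s.min) s.min = a[i];
        if (a[i] > s.max) s.max = a[i];
        s.varying |= a[i] ^ a[0];
    }
    return s;
}
static int count_bits(uintptr_t v) { int c = 0; for (; v; v &= v - 1) c++; return c; }

/* Re-exec this binary once and read back the stack address the child prints. */
static int sample_once(uintptr_t *out) {
    int fd[2]; char buf[64] = {0};
    if (pipe(fd) != 0) return -1;
    pid_t pid = fork();
    if (pid == 0) {   /* child: every fresh exec gets a freshly placed stack */
        dup2(fd[1], STDOUT_FILENO);
        execl("/proc/self/exe", "probe", "--probe", (char *)NULL);
        _exit(127);
    }
    close(fd[1]);
    ssize_t r = read(fd[0], buf, sizeof buf - 1);
    close(fd[0]);
    if (pid > 0) waitpid(pid, NULL, 0);
    if (r > 0) *out = (uintptr_t)strtoull(buf, NULL, 16);
    return r > 0 ? 0 : -1;
}

int main(int argc, char **argv) {
    int foo;   /* same probe variable as the quoted program */
    if (argc > 1 && strcmp(argv[1], "--probe") == 0) return printf("%p\n", (void *)&foo) < 0;
    static uintptr_t samples[2000];
    size_t n = 0;
    for (int i = 0; i < 2000; i++) if (sample_once(&samples[n]) == 0) n++;
    if (n == 0) return 1;
    struct aslr_stats s = summarize(samples, n);
    printf("%zu runs: %#lx -> %#lx, span %lu bytes, %d varying bits\n", n, (unsigned long)s.min,
           (unsigned long)s.max, (unsigned long)(s.max - s.min), count_bits(s.varying));
    return 0;
}
```

The varying-bit count only shows which bits were seen to change across the sampled runs; the same harness can be run under `setarch -R` to confirm that the span collapses to zero when randomization is off.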