Re: + syscalls-x86-add-__nr_kcmp-syscall-v8.patch added to -mm tree

[Oleg Nesterov]

On 04/10, H. Peter Anvin wrote:
>
> On 04/10/2012 04:08 PM, Oleg Nesterov wrote:
> >
> > OK, since this is discussed again...
> >
> > Can this comment can also explain why do we obfuscate the pointers
> > by type? I mean, I don't really understand why the one-dimensional
> > cookies[2] is "not enough" from security pov.
>
> Because it's cheap.  "Just enough" is not what you want to shoot for,
> ever, you want to get past the "just enough" point and then consider
> "what can I get for cheap at this point"?

OK, I am not arguing. Just I thought that the small note like
"we are doing this per-type to obfuscate even more" can help.
I wouldn't have asked, but Cyrill rewrites this comment anyway.

Perhaps this is just me, but my first (and wrong) impression was
that somehow this is needed for correctness.

Oleg.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/