RE: [PATCH net-next] x86: bpf_jit_comp: secure bpf jit against spraying attacks

From: Eric Dumazet
Date: Mon May 20 2013 - 09:35:00 EST


On Mon, 2013-05-20 at 09:51 +0100, David Laight wrote:

> Hmmm.... anyone looking to overwrite kernel code will then start
> looking for blocks of 0xcc bytes and know that what follows
> is the beginning of a function.
> That isn't any harder than random writes.
>
> Copying a random part of .rodata might be better - especially
> if you can find part of .rodata.str*.

That's not the point. We want to catch jumps to before/after the code.

An attacker having full access to kernel code in read and write mode has
full power anyway to do whatever he wants.

