Re: [kernel-hardening] [PATCH] [RFC] Introduce mmap randomization
From: Daniel Micay
Date: Thu Aug 04 2016 - 13:10:19 EST
On Thu, 2016-08-04 at 16:55 +0000, Roberts, William C wrote:
> >
> > -----Original Message-----
> > From: Daniel Micay [mailto:danielmicay@xxxxxxxxx]
> > Sent: Thursday, August 4, 2016 9:53 AM
> > To: kernel-hardening@xxxxxxxxxxxxxxxxxx; jason@xxxxxxxxxxxxxx;
> > linux-
> > mm@xxxxxxxxxxxxxxx; linux-kernel@xxxxxxxxxxxxxxx; akpm@linux-
> > foundation.org
> > Cc: keescook@xxxxxxxxxxxx; gregkh@xxxxxxxxxxxxxxxxxxx; nnk@xxxxxxxxx
> > m;
> > jeffv@xxxxxxxxxx; salyzyn@xxxxxxxxxxx; dcashman@xxxxxxxxxxx
> > Subject: Re: [kernel-hardening] [PATCH] [RFC] Introduce mmap
> > randomization
> >
> > On Tue, 2016-07-26 at 11:22 -0700, william.c.roberts@xxxxxxxxx
> > wrote:
> > >
> > > The recent get_random_long() change in get_random_range() and then
> > > the
> > > subsequent patches Jason put out, all stemmed from my tinkering
> > > with
> > > the concept of randomizing mmap.
> > >
> > > Any feedback would be greatly appreciated, including any feedback
> > > indicating that I am idiot.
> >
> > The RAND_THREADSTACK feature in grsecurity makes the gaps the way I
> > think
> > would be ideal, i.e. tracked as part of the appropriate VMA. It
> > would be
> > straightforward to make it more general purpose.
>
> I am not familiar with that, thanks for pointing it out. I'll take a
> look when my time
> frees up for this again.
I'm actually wrong about that now that I look more closely...Attachment:
signature.asc
Description: This is a digitally signed message part