Zachary Amsden <[email protected]> wrote:
>
> Jakub Jelinek wrote:
> >
> > That's a known bug in early glibcs shortly after adding vDSO support.
> > The vDSO support has been added in May 2003 to CVS glibc (i.e. post glibc
> > 2.3.2) and the problems have been fixed when they were discovered, in
> > February 2004:
> > http://sources.redhat.com/ml/libc-hacker/2004-02/msg00053.html
> > http://sources.redhat.com/ml/libc-hacker/2004-02/msg00059.html
> >
> > I strongly believe we want randomized vDSOs, people are already abusing the
> > fix mapped vDSO for attacks, and I think the unfortunate 10 months of broken
> > glibc shouldn't stop that forever. Anyone using such glibc can still use
> > vdso=0, or do that just once and upgrade to somewhat more recent glibc.
> >
>
> While I'm now inclined to agree with randomization, I think the default
> should be off. You can quite easily "echo 1 >
> /proc/sys/kernel/vdso_randomization" in the RC scripts, which allows you
> to maintain compatibility for everyone and get randomization turned on
> early enough to thwart attacks against any vulnerable daemons.
>
It kinda sucks but yes, that's obviously the least-breakage approach. It does
mean that many people won't benefit from (and won't test!) the new feature
though.
Unless there's some sneaky way of auto-detecting a modern userspace,
perhaps (something which mounts /sys?).
All very sad.