Re: [RFC] Per-architecture randomization

On Sun, 2006-06-04 at 00:14 -0400, John Richard Moser wrote:
> Pavel Machek recommended per-architecture randomization defaults when I
> poked a (very hackish) patch up here.  As follow-up, I have taken out
> the command line parameter code and used the infrastructure I wrote to
> implement per-architecture randomization settings.
> 
> Three #defines are needed per architecture, preferably in
> include/asm-ARCH/processor.h or equivalent.  These defines are as follows:
> 
>  STACK_ALIGN -- Alignment of the stack, typically 16 (bytes).
>     If not defined, stack randomization is carried out to page
>     granularity
>  ARCH_RANDOM_STACK_BITS -- Bits of entropy to apply to the stack.
>     If not defined, stack randomization is disabled by defining this
>     as 0.
>  ARCH_RANDOM_MMAP_BITS -- Bits of entropy to apply to the mmap() base.
>     If not defined, mmap() randomization is disabled by defining this
>     as 0.


eh....

I think you missed a few things..
like
1) This is per architecture already for the most part!
   arch_align_stack() is obvious per architecture already
   the mmap randomisation also happens in arch/<foo>/mm
   and this is per arch by definition as well
2) you missed that the mmap randomization is *ON TOP OF*
   the stack randomization. So while you say "1Mb" in your
   doc in practice it is 8Mb

Also your patch is still full of XXX's and "other noise"... 
Also you probably should explain what the advantage is over the existing
per architecture approach. Just stating "it's per architecture" (as you
suggest) doesn't cut it since it is per architecture already for the
most part.

If all you want to do is turn 
-       if (current->flags & PF_RANDOMIZE)
-               random_variable = get_random_int() % (8*1024*1024);

that 8 into a per architecture thing.. then your patch is awefully big
and complex to just achieve that.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

---

• Follow-Ups:
  • Re: [RFC] Per-architecture randomization
    • From: John Richard Moser <[email protected]>

• References:
  • [RFC] Per-architecture randomization
    • From: John Richard Moser <[email protected]>

• Prev by Date: Re: [patch, -rc5-mm3] lock validator: fix ns83820.c irq-flags bug
• Next by Date: Re: [PATCH] readahead: initial method - expected read size - fix fastcall
• Previous by thread: [RFC] Per-architecture randomization
• Next by thread: Re: [RFC] Per-architecture randomization
• Index(es):
  • Date
  • Thread

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]