Ulrich Drepper wrote:
> You got to be kidding. Some object fixed in the address space which can
> perform system calls. Nothing is more welcome to somebody trying to
> exploit some bugs.
Two approaches to randomising the vdso address:
1. Selecting a random address at boot time. All tasks have the same
vdso for that run of the kernel. Advantages: no MSR write at
each context switch; could patch libsyscall.so at boot time with
address if we were fanatical about optimisation (i.e. other
libcs, not Glibc :) Disadvantages: the attacker may eventually
learn the address.
2. Select a random address for every new task. Advantages: harder
to guess from studying a machine for a long time. Disadvantages:
slower context switches; the gain from randomising each task is
nothing if all the tasks are very long lived anyway.
-- Jamie
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo _at_ vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Follow-Ups:
- Re: [RFC][PATCH] linux-2.6.2-rc2_vsyscall-gtod_B1.patchAndrea Arcangeli
- [RFC][PATCH] linux-2.6.2-rc2_vsyscall-gtod_B1.patchjohn stultz
- Re: [RFC][PATCH] linux-2.6.2-rc2_vsyscall-gtod_B1.patchUlrich Drepper
- Re: [RFC][PATCH] linux-2.6.2-rc2_vsyscall-gtod_B1.patchAndrea Arcangeli
- Re: [RFC][PATCH] linux-2.6.2-rc2_vsyscall-gtod_B1.patchUlrich Drepper
- Prev by Date: Re: Promise PDC20269 (Ultra133 TX2) + Software RAID
- Next by Date: Re: 2.6.2-rc3-mm1
- Previous by thread: Re: [RFC][PATCH] linux-2.6.2-rc2_vsyscall-gtod_B1.patch
- Next by thread: Re: [RFC][PATCH] linux-2.6.2-rc2_vsyscall-gtod_B1.patch
- Indexes:[Main][Thread]