Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20110907093036.GA17693@openwall.com>
Date: Wed, 7 Sep 2011 13:30:36 +0400
From: Solar Designer <solar@...nwall.com>
To: kernel-hardening@...ts.openwall.com
Subject: Re: [RFC] x86, mm: start mmap allocation for libs from low addresses

Vasiliy,

On Wed, Sep 07, 2011 at 01:09:00PM +0400, Vasiliy Kulikov wrote:
> I've updated patch description, code comments, and "if" condition.  If
> no other objection, I'll post it as RFCv2 on LKML.

I've included some minor corrections below.  Please make changes
accordingly and post to LKML.

> +#ifdef CONFIG_VM86
> +/*
> + * Don't touch any memory that can be addressed by vm86 apps.
> + * Reserve the first 1 MiB + 64 kb.
> + */
> +#define ASCII_ARMOR_MIN_ADDR 0x00110000
> +#else
> +/* No special users of low addresses.  Start just after mmap_min_addr. */
> +#define ASCII_ARMOR_MIN_ADDR 0
> +#endif

What if mmap_min_addr set really low, or is even 0?  I think we want to
skip low addresses even if processes are permitted to use those.
(Permitted does not mean encouraged.)  So how about ASCII_ARMOR_MIN_ADDR
0x19000 (100 KB) when !CONFIG_VM86?

> +	/* We ALWAYS start from the beginning as base addresses
> +	 * with zero high bits is a valued resource */

s/valued/scarce and valuable/

> +		 * If kernel.randomize_va_space < 2, the executable is build as

s/build/built/

Thanks,

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.