|
Message-ID: <20110907093036.GA17693@openwall.com> Date: Wed, 7 Sep 2011 13:30:36 +0400 From: Solar Designer <solar@...nwall.com> To: kernel-hardening@...ts.openwall.com Subject: Re: [RFC] x86, mm: start mmap allocation for libs from low addresses Vasiliy, On Wed, Sep 07, 2011 at 01:09:00PM +0400, Vasiliy Kulikov wrote: > I've updated patch description, code comments, and "if" condition. If > no other objection, I'll post it as RFCv2 on LKML. I've included some minor corrections below. Please make changes accordingly and post to LKML. > +#ifdef CONFIG_VM86 > +/* > + * Don't touch any memory that can be addressed by vm86 apps. > + * Reserve the first 1 MiB + 64 kb. > + */ > +#define ASCII_ARMOR_MIN_ADDR 0x00110000 > +#else > +/* No special users of low addresses. Start just after mmap_min_addr. */ > +#define ASCII_ARMOR_MIN_ADDR 0 > +#endif What if mmap_min_addr set really low, or is even 0? I think we want to skip low addresses even if processes are permitted to use those. (Permitted does not mean encouraged.) So how about ASCII_ARMOR_MIN_ADDR 0x19000 (100 KB) when !CONFIG_VM86? > + /* We ALWAYS start from the beginning as base addresses > + * with zero high bits is a valued resource */ s/valued/scarce and valuable/ > + * If kernel.randomize_va_space < 2, the executable is build as s/build/built/ Thanks, Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.