Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20110907093411.GA4752@albatros>
Date: Wed, 7 Sep 2011 13:34:11 +0400
From: Vasiliy Kulikov <segoon@...nwall.com>
To: kernel-hardening@...ts.openwall.com
Subject: Re: [RFC] x86, mm: start mmap allocation for
 libs from low addresses

Solar,

On Wed, Sep 07, 2011 at 13:30 +0400, Solar Designer wrote:
> > +#ifdef CONFIG_VM86
> > +/*
> > + * Don't touch any memory that can be addressed by vm86 apps.
> > + * Reserve the first 1 MiB + 64 kb.
> > + */
> > +#define ASCII_ARMOR_MIN_ADDR 0x00110000
> > +#else
> > +/* No special users of low addresses.  Start just after mmap_min_addr. */
> > +#define ASCII_ARMOR_MIN_ADDR 0
> > +#endif
> 
> What if mmap_min_addr set really low, or is even 0?  I think we want to
> skip low addresses even if processes are permitted to use those.
> (Permitted does not mean encouraged.)  So how about ASCII_ARMOR_MIN_ADDR
> 0x19000 (100 KB) when !CONFIG_VM86?

Are you talking about safety with NULL pointer dereferencing?


> > +	/* We ALWAYS start from the beginning as base addresses
> > +	 * with zero high bits is a valued resource */
> 
> s/valued/scarce and valuable/
> 
> > +		 * If kernel.randomize_va_space < 2, the executable is build as
> 
> s/build/built/

Right, thank you!

-- 
Vasiliy

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.