Message-ID: <476DC76E7D1DF2438D32BFADF679FC560127C34B@ORSMSX103.amr.corp.intel.com>
Date: Wed, 3 Aug 2016 18:19:19 +0000
From: "Roberts, William C" <william.c.roberts@...el.com>
To: 'Jason Cooper' <jason@...edaemon.net>
CC: "'linux-mm@...ck.org'" <linux-mm@...ck.org>, "'linux-kernel@...r.kernel.org'" <linux-kernel@...r.kernel.org>, "'kernel-hardening@...ts.openwall.com'" <kernel-hardening@...ts.openwall.com>, "'akpm@...ux-foundation.org'" <akpm@...ux-foundation.org>, "'keescook@...omium.org'" <keescook@...omium.org>, "'gregkh@...uxfoundation.org'" <gregkh@...uxfoundation.org>, "'nnk@...gle.com'" <nnk@...gle.com>, "'jeffv@...gle.com'" <jeffv@...gle.com>, "'salyzyn@...roid.com'" <salyzyn@...roid.com>, "'dcashman@...roid.com'" <dcashman@...roid.com>
Subject: RE: [PATCH] [RFC] Introduce mmap randomization

<snip>
> > >
> > I would highly recommend studying those prior use cases and answering
> > those concerns before progressing too much further. As I've mentioned
> > elsewhere, you'll need to quantify the increased difficulty to the
> > attacker that your patch imposes. Personally, I would assess that first
> > to see if it's worth the effort at all.
>
> Yes agreed.
>

For those following or those who care I have some preliminary results from a UML test bench. I need to set up better testing, this I know :-P and test under constrained environments etc.

I ran 100,000 execs of bash and checked pmap for the location of libc's start address. I recorded this and kept track of the lowest address it was loaded at as well as the highest; the range is approx 37 bits of entropy. I calculated the Shannon entropy by calculating the frequency of each address that libc was loaded at per 100,000 invocations. I am not sure if this is an abuse of that, considering Shannon's entropy is usually used to calculate the entropy of byte sized units in a file (below you will find my city script). Plotting the data, it looked fairly random.

Number theory is not my strong suit, so if anyone has better ways of measuring entropy, I'm all ears, links appreciated.

I'm going to fire up some VMs in the coming weeks and test this more, I'll post back with results if they differ from UML. Including ARM tablets running Android.

low: 0x40000000
high: 0x401cb15000
range: 0x3fdcb15000
Shannon entropy: 10.514440

#!/usr/bin/env python

# modified from: http://www.kennethghartman.com/calculate-file-entropy/

import math
import sys

low = None
high = None

if len(sys.argv) != 2:
    print("Usage: file_entropy.py [path]filename")
    sys.exit()

# d maps each address string (one per input line) to how often it was seen
d = {}
items = 0

with open(sys.argv[1]) as f:
    for line in f:
        line = line.strip()
        if not line:
            continue  # skip blank lines
        line = line.lstrip("0")
        #print line
        items = items + 1
        if line not in d:
            d[line] = 1
        else:
            d[line] = d[line] + 1

        # track the lowest and highest address seen
        x = int("0x" + line, 16)
        if low is None:
            low = x
        if high is None:
            high = x

        if x < low:
            low = x

        if x > high:
            high = x

#print str(items)
#print d

print("low: 0x%x" % low)
print("high: 0x%x" % high)
print("range: 0x%x" % (high - low))

# calculate the frequency of each address in the file
# XXX Should this really be in the 64 bit address space?
freqList = []
for k, v in d.items():
    freqList.append(float(v) / items)

#print freqList

# Shannon entropy
ent = 0.0
for freq in freqList:
    if freq > 0:
        ent = ent + freq * math.log(freq, 2)
ent = -ent
print('Shannon entropy: %f' % ent)

<snip>
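Added example, not part of the original message and not the author's code: a Python 3 routine that reports, next to the frequency-based Shannon figure described in the message, the min-entropy, a collision-based estimate, and the log2(N) ceiling that any frequency-based estimate from N samples cannot exceed. The 4 KiB page size, the function names and the generated sample addresses are assumptions made for illustration.

```python
import math
import random
from collections import Counter

PAGE_SHIFT = 12  # assumption: 4 KiB pages


def entropy_report(addresses):
    """Entropy estimates for a list of mapping base addresses (ints)."""
    n = len(addresses)
    counts = Counter(addresses)
    probs = [c / n for c in counts.values()]
    # Plug-in Shannon entropy: the frequency-based figure from the message.
    shannon = -sum(p * math.log2(p) for p in probs)
    # Min-entropy: set by the single most frequent address (best first guess).
    min_entropy = -math.log2(max(probs))
    # Collision entropy from the fraction of sample pairs that coincide.
    colliding = sum(c * (c - 1) // 2 for c in counts.values())
    pairs = n * (n - 1) // 2
    collision = math.log2(pairs / colliding) if colliding else None
    span_pages = ((max(addresses) - min(addresses)) >> PAGE_SHIFT) + 1
    return {
        "samples": n,
        "distinct": len(counts),
        "shannon_bits": shannon,
        "min_entropy_bits": min_entropy,
        "collision_bits": collision,          # None: no repeats observed
        "sample_ceiling_bits": math.log2(n),  # plug-in Shannon cannot exceed this
        "range_bits": math.log2(span_pages),  # width of the observed window
    }


def constructed_sample(slot_bits, n, seed=1):
    """Constructed data: n page-aligned bases drawn uniformly from 2**slot_bits slots."""
    rng = random.Random(seed)
    base = 0x40000000  # constructed base address
    return [base + (rng.randrange(1 << slot_bits) << PAGE_SHIFT) for _ in range(n)]


if __name__ == "__main__":
    # 8-bit space sampled heavily, then a 20-bit space sampled sparsely.
    for bits, n in ((8, 100000), (20, 10000)):
        report = entropy_report(constructed_sample(bits, n))
        print(bits, {k: round(v, 3) if isinstance(v, float) else v
                     for k, v in report.items()})
```

On the constructed 20-bit case the frequency-based figure stays just under log2(10000), about 13.3 bits, while the collision estimate lands near 20 bits; when `collision_bits` is `None` the sample is too small to say more than that no repeats were seen.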