|
Message-ID: <1839529.gLatmdanF9@x2>
Date: Wed, 10 Dec 2014 11:11:21 -0500
From: Steve Grubb <sgrubb@...hat.com>
To: oss-security@...ts.openwall.com
Cc: Daniel Micay <danielmicay@...il.com>
Subject: Re: Offset2lib: bypassing full ASLR on 64bit Linux
On Tuesday, December 09, 2014 03:24:39 PM Daniel Micay wrote:
> > I studied this area 2 years ago for a gray hat talk and in preparation to
> > help set the policy going forward for Fedora and RHEL. The general
> > reason I've heard mentioned about why its not used as fully as possible
> > is that it adds memory pages that can't be coalesced or consolidated
> > because they are not the same.
>
> AFAIK, it doesn't cause a significant increase in memory usage. The
> whole point of position independent code is that it can be reused across
> processes. Dynamic libraries are already fully position independent.
This was the issue as I remember it, when you use PIE, it introduces a
writable memory segment for the indirection that is filled in lazily. Because
this is writeable it is per process. It is also per DSO. With desktop apps
linking against a 60 or so libraries and an average of 150 apps running at any
time, the memory used starts to really add up. Server workloads tend to have
apps with less libraries linked in but many more processes active.
Of course today systems are starting to ship with 16GB standard, but now we
add virtualization work loads and you have dozens more of the above. I think
this institutional memory of the old days kind of hinders any movement. We had
an internal debate of this on bz 786915 (which is not 100% open). The start up
performance never really a factor in the discussions. It was purely about
"wasted" memory.
-Steve
Download attachment "signature.asc" of type "application/pgp-signature" (182 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.