[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Patch 4/6 randomize the stack pointer
-----BEGIN PGP SIGNED MESSAGE-----
What the hell?
So instead of bringing something in that works, you bring something in
that does significantly less, and gives no savings on overhead or patch
complexity why? So you can later come out and say "We're so great now
we've increased the randomization by tweaking one variable aren't we
Red Hat is all smoke and mirrors anyway when it comes to security, just
like Microsoft. This just reaffirms that.
Arjan van de Ven wrote:
> On Thu, 2005-01-27 at 12:38 -0500, John Richard Moser wrote:
>>-----BEGIN PGP SIGNED MESSAGE-----
>>Arjan van de Ven wrote:
>>>The patch below replaces the existing 8Kb randomisation of the userspace
>>>stack pointer (which is currently only done for Hyperthreaded P-IVs) with a
>>>more general randomisation over a 64Kb range.
>>64k of stack randomization is trivial to evade.
> I think you're focussing on the 64k number WAY too much. Yes it's too
> small. But it's an initial number to show the infrastructure and get it
> tested. Yes it should and will be increased later on in the patch
> Same for the other heap randomisation.
> This thing is about getting the infrastructure in place and used. The
> actual numbers are mere finetuning that can be done near the end.
All content of all messages exchanged herein are left in the
Public Domain, unless otherwise explicitly stated.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/