From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: from mail-wm0-f71.google.com (mail-wm0-f71.google.com [74.125.82.71])
	by kanga.kvack.org (Postfix) with ESMTP id 0019F6B0003
	for ; Tue, 27 Feb 2018 16:31:43 -0500 (EST)
Received: by mail-wm0-f71.google.com with SMTP id t123so339335wmt.2
	for ; Tue, 27 Feb 2018 13:31:43 -0800 (PST)
Received: from mail-sor-f41.google.com (mail-sor-f41.google.com. [209.85.220.41])
	by mx.google.com with SMTPS id k9sor50482wrh.87.2018.02.27.13.31.42
	for (Google Transport Security);
	Tue, 27 Feb 2018 13:31:42 -0800 (PST)
Subject: Re: [RFC PATCH] Randomization of address chosen by mmap.
References: <20180227131338.3699-1-blackzert@gmail.com>
From: lazytyped
Message-ID: <089e9c52-f623-085a-4d8b-d91cfc6a3608@gmail.com>
Date: Tue, 27 Feb 2018 22:31:38 +0100
MIME-Version: 1.0
In-Reply-To:
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Content-Language: en-US
Sender: owner-linux-mm@kvack.org
List-ID:
To: Kees Cook , Ilya Smith
Cc: Andrew Morton , Dan Williams , Michal Hocko , "Kirill A. Shutemov" , Jan Kara , Jerome Glisse , Hugh Dickins , Matthew Wilcox , Helge Deller , Andrea Arcangeli , Oleg Nesterov , Linux-MM , LKML , Kernel Hardening

On 2/27/18 9:52 PM, Kees Cook wrote:
> I'd like more details on the threat model here; if it's just a matter
> of .so loading order, I wonder if load order randomization would get a
> comparable level of uncertainty without the memory fragmentation,

This also seems to assume that leaking the address of one single library
isn't enough to mount a ROP attack to either gain enough privileges or
generate a primitive that can leak further information. Is this really
the case? Do you have some further data around this?

            - twiz

--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: email@kvack.org