From: Jesper Juhl <jj@chaosbits.net>
To: Matt Mackall <mpm@selenic.com>
Cc: Dan Rosenberg <drosenberg@vsecurity.com>,
Pekka Enberg <penberg@kernel.org>,
Linus Torvalds <torvalds@linux-foundation.org>,
Dave Hansen <dave@linux.vnet.ibm.com>,
Theodore Tso <tytso@mit.edu>,
cl@linux-foundation.org, linux-mm@kvack.org,
linux-kernel@vger.kernel.org, Ingo Molnar <mingo@elte.hu>,
Andrew Morton <akpm@linux-foundation.org>
Subject: Re: [PATCH] Make /proc/slabinfo 0400
Date: Sun, 6 Mar 2011 02:15:13 +0100 (CET) [thread overview]
Message-ID: <alpine.LNX.2.00.1103060213110.6297@swampdragon.chaosbits.net> (raw)
In-Reply-To: <1299373781.3062.374.camel@calx>
On Sat, 5 Mar 2011, Matt Mackall wrote:
> On Sun, 2011-03-06 at 01:42 +0100, Jesper Juhl wrote:
> > On Fri, 4 Mar 2011, Dan Rosenberg wrote:
> >
> > > On Fri, 2011-03-04 at 22:58 +0200, Pekka Enberg wrote:
> > > > On Fri, Mar 4, 2011 at 10:37 PM, Dan Rosenberg <drosenberg@vsecurity.com> wrote:
> > > > > This patch makes these techniques more difficult by making it hard to
> > > > > know whether the last attacker-allocated object resides before a free or
> > > > > allocated object. Especially with vulnerabilities that only allow one
> > > > > attempt at exploitation before recovery is needed to avoid trashing too
> > > > > much heap state and causing a crash, this could go a long way. I'd
> > > > > still argue in favor of removing the ability to know how many objects
> > > > > are used in a given slab, since randomizing objects doesn't help if you
> > > > > know every object is allocated.
> > > >
> > > > So if the attacker knows every object is allocated, how does that help
> > > > if we're randomizing the initial freelist?
> > >
> > > If you know you've got a slab completely full of your objects, then it
> > > doesn't matter that they happened to be allocated in a random fashion -
> > > they're still all allocated, and by freeing one of them and
> > > reallocating, you'll still be next to your target.
> > >
> >
> > But still, if randomizing allocations makes life just a little harder for
> > attackers in some scenarios, why not just do it?
>
> Lemme guess, you work for the TSA?
>
No. And now I actually feel slightly insulted.
> As far as I can tell neither of the patches under discussion do anything
> that couldn't be worked around by an exploit writer in the time it takes
> to write this email. And the second attacker, of course, will have even
> less trouble.
>
> Putting trivial obstacles in the way of attackers accomplishes little
> beyond annoying users.
>
If we annoy users I agree we shouldn't. If we don't annoy users (and don't
impact performance in any relevant way) then even trivial obstacles that
stop just a few exploits are worth it IMHO.
--
Jesper Juhl <jj@chaosbits.net> http://www.chaosbits.net/
Plain text mails only, please.
Don't top-post http://www.catb.org/~esr/jargon/html/T/top-post.html
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Fight unfair telecom internet charges in Canada: sign http://stopthemeter.ca/
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
next prev parent reply other threads:[~2011-03-06 1:15 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-03-03 17:50 Dan Rosenberg
2011-03-03 18:17 ` Dave Hansen
2011-03-03 18:29 ` Dan Rosenberg
2011-03-03 20:58 ` Matt Mackall
2011-03-03 21:16 ` Dan Rosenberg
2011-03-03 21:44 ` Matt Mackall
2011-03-03 22:30 ` Dan Rosenberg
2011-03-03 23:08 ` Matt Mackall
2011-03-04 0:32 ` Dave Hansen
2011-03-04 0:50 ` Theodore Tso
2011-03-04 6:52 ` Pekka Enberg
2011-03-04 17:36 ` Dave Hansen
2011-03-04 17:48 ` Linus Torvalds
2011-03-04 18:14 ` Matt Mackall
2011-03-04 20:02 ` Pekka Enberg
2011-03-04 20:31 ` Matt Mackall
2011-03-04 20:42 ` Dan Rosenberg
2011-03-04 20:56 ` Pekka Enberg
2011-03-04 21:08 ` Dan Rosenberg
2011-03-04 21:30 ` Pekka Enberg
2011-03-04 21:44 ` Dan Rosenberg
2011-03-04 22:10 ` Pekka Enberg
2011-03-04 22:14 ` Pekka Enberg
2011-03-04 23:02 ` Matt Mackall
2011-03-05 16:25 ` Ted Ts'o
2011-03-06 13:19 ` Alan Cox
2011-03-07 14:56 ` Dan Rosenberg
2011-03-07 16:02 ` Matt Mackall
2011-03-04 20:37 ` Dan Rosenberg
2011-03-04 20:58 ` Pekka Enberg
2011-03-04 21:10 ` Dan Rosenberg
2011-03-06 0:42 ` Jesper Juhl
2011-03-06 0:57 ` Dan Rosenberg
2011-03-06 1:09 ` Matt Mackall
2011-03-06 1:15 ` Jesper Juhl [this message]
2011-03-07 16:40 ` Christoph Lameter
2011-03-04 21:12 ` Matt Mackall
2011-03-04 11:58 ` Alan Cox
2011-03-07 14:19 [PATCH] Make /proc/slabinfo 040 George Spelvin
2011-03-07 17:49 ` [PATCH] Make /proc/slabinfo 0400 George Spelvin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=alpine.LNX.2.00.1103060213110.6297@swampdragon.chaosbits.net \
--to=jj@chaosbits.net \
--cc=akpm@linux-foundation.org \
--cc=cl@linux-foundation.org \
--cc=dave@linux.vnet.ibm.com \
--cc=drosenberg@vsecurity.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=mingo@elte.hu \
--cc=mpm@selenic.com \
--cc=penberg@kernel.org \
--cc=torvalds@linux-foundation.org \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox