-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Davide Libenzi wrote: >> If randomizing each allocator is too expensive then randomize at the >> very least the number of the first descriptor you give out. > > Can you tell me how this can be a problem, and in which way making a > random thing would help?
In attacking an application every bit of known data can be used in an exploit. Be it something as simple as having a predetermined value at a certain point in the program since it loaded a file descriptor into a register. But what I'm mostly thinking about is the case where I/O could be redirected. The intruding program could call dup2() and suddenly the program wanting to write a password to disk could be directed to send it over a socket. One could imagine countless such attacks. I don't say such an attack exists today. But this is no reason to not implement these extra security measures. The cost of a randomized star base (offset from 2^30) should be zero. - -- ➧ Ulrich Drepper ➧ Red Hat, Inc. ➧ 444 Castro St ➧ Mountain View, CA ❖ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFGYyid2ijCOnn/RHQRAjRoAJ9XsAazZtc9V3AxaPjiNMjK8jPUZgCdG/Eg KPug5Sq9REHd6H3AR0ax2aU= =9iUM -----END PGP SIGNATURE----- - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
