On Sun, 3 Jun 2007, Ulrich Drepper wrote:

> Davide Libenzi wrote:
> >> If randomizing each allocator is too expensive then randomize at the
> >> very least the number of the first descriptor you give out.
> >
> > Can you tell me how this can be a problem, and in which way making a
> > random thing would help?
>
> In attacking an application every bit of known data can be used in an
> exploit. Be it something as simple as having a predetermined value at a
> certain point in the program since it loaded a file descriptor into a
> register.
>
> But what I'm mostly thinking about is the case where I/O could be
> redirected. The intruding program could call dup2() and suddenly the
> program wanting to write a password to disk could be directed to send it
> over a socket. One could imagine countless such attacks.
>
> I don't say such an attack exists today. But this is no reason to not
> implement these extra security measures. The cost of a randomized start
> base (offset from 2^30) should be zero.

Randomizing the base is not a problem. Should this be always, or flag driven?

- Davide