On Mon, Mar 9, 2015 at 4:43 PM, Eric W. Biederman <ebied...@xmission.com> wrote:
>
> A 1 to 1 blinding function like integer multiplication modulo 2^32 by an
> appropriate random number ought to keep from revealing page numbers or
> page adjacencies while not requiring any changes in userspace.
>
> That way the revealed pfn and the physical pfn would be different but
> you could still use pagemap for its intended purpose.

If this could be done in a way where it was sufficiently hard to expose
the random number, we should absolutely do this. And this could be done
for socket handles in INET_DIAG too. We have a lot of these kinds of
"handle" leaks where the handles can be regarded as private information
leakage.

-Kees

--
Kees Cook
Chrome OS Security
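
The blinding function discussed in this thread, as an added sketch that is not part of either message and not kernel code: multiplication modulo 2^32 by an odd key is a 1 to 1 mapping with an exact inverse, and the last helper measures how far apart two adjacent frames land after blinding, which a reviewer would weigh against the "sufficiently hard to expose the random number" condition. The function names and the key value are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper names. The key must be odd: only odd values are
 * invertible modulo 2^32, which is what makes the mapping 1 to 1. */
static uint32_t blind_pfn(uint32_t pfn, uint32_t key)
{
    return pfn * key;               /* uint32_t arithmetic wraps mod 2^32 */
}

/* Multiplicative inverse of an odd value modulo 2^32 (Newton iteration). */
static uint32_t inverse_mod_2_32(uint32_t key)
{
    uint32_t inv = key;             /* key * key == 1 (mod 8) for odd key */
    for (int i = 0; i < 5; i++)
        inv *= 2u - key * inv;      /* each round doubles the correct bits */
    return inv;
}

/* What a kernel-side consumer holding the key would compute. */
static uint32_t unblind_pfn(uint32_t blinded, uint32_t key)
{
    return blinded * inverse_mod_2_32(key);
}

/* Distance between the blinded values of pfn and pfn + 1. */
static uint32_t adjacent_delta(uint32_t pfn, uint32_t key)
{
    return blind_pfn(pfn + 1u, key) - blind_pfn(pfn, key);
}

int main(void)
{
    const uint32_t key = 0x9E3779B1u;   /* constructed sample key (odd) */
    const uint32_t pfn = 0x00012345u;   /* constructed sample pfn */
    uint32_t b = blind_pfn(pfn, key);

    printf("pfn      %#010x\n", (unsigned)pfn);
    printf("blinded  %#010x\n", (unsigned)b);
    printf("restored %#010x\n", (unsigned)unblind_pfn(b, key));
    /* The mapping is linear, so this distance is the same for every pfn
     * and equals the key itself. */
    printf("delta    %#010x (key %#010x)\n",
           (unsigned)adjacent_delta(pfn, key), (unsigned)key);
    return 0;
}
```

Because the mapping is linear, pfn 0 always blinds to 0 and pfn 1 blinds to the key.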