On Tue 03 Jun 2008, André Warnier wrote: > I find it interesting that the answers are all different on system (1), > but all the same on system (2). > I don't have a clue as to what it means, or what it does to my systems, > but I trust you do.
Just to enlighten you. Originally linux on x86 used to use a software interrupt 0x80 to implement syscalls. With newer processors this is a performance bottleneck. So a new interface (sysenter/sysexit) has been invented to switch from user space to kernel space and back. This new interface uses a special page that is mapped in the virtual address space of each process the so called Virtual Dynamic Shared Object (vdso). It was originally located at a well known place in the address space of a process because the C library needs to know where it is to make syscalls. Later on it was found that the exact place where in the address space the vdso page is located can be randomized a bit to enhance security. That makes it harder to perform attacks based on shell code injection or other things where the attacker needs to perform syscalls. But on the downside you need a glibc that knows how to locate that page itself. So older programs won't run on a system that randomizes the vdso location. So, what you see on "arthur" is a randomized vdso location and on "dent" a fixed one. Torsten -- Need professional mod_perl support? Just hire me: [EMAIL PROTECTED]
