Re: [PATCH] Prefer kASLR over Hibernation

2016-04-12 Thread James Morse
On 11/04/16 19:03, Kees Cook wrote: > On Mon, Apr 11, 2016 at 1:00 AM, James Morse wrote: >> On 06/04/16 20:44, Kees Cook wrote: >>> When building with both CONFIG_HIBERNATION and CONFIG_RANDOMIZE_BASE, >>> one or the other must be chosen at boot-time. Until now, hibernation >>> was selected when

Re: [PATCH] Prefer kASLR over Hibernation

2016-04-11 Thread Kees Cook
On Mon, Apr 11, 2016 at 11:21 AM, Geert Uytterhoeven wrote: > On Mon, Apr 11, 2016 at 8:03 PM, Kees Cook wrote: >> On Mon, Apr 11, 2016 at 1:00 AM, James Morse wrote: >>> On 06/04/16 20:44, Kees Cook wrote: When building with both CONFIG_HIBERNATION and CONFIG_RANDOMIZE_BASE, one or

Re: [PATCH] Prefer kASLR over Hibernation

2016-04-11 Thread Geert Uytterhoeven
On Mon, Apr 11, 2016 at 8:03 PM, Kees Cook wrote: > On Mon, Apr 11, 2016 at 1:00 AM, James Morse wrote: >> On 06/04/16 20:44, Kees Cook wrote: >>> When building with both CONFIG_HIBERNATION and CONFIG_RANDOMIZE_BASE, >>> one or the other must be chosen at boot-time. Until now, hibernation >>>

Re: [PATCH] Prefer kASLR over Hibernation

2016-04-11 Thread Kees Cook
On Mon, Apr 11, 2016 at 1:00 AM, James Morse wrote: > Hi Kees, > > On 06/04/16 20:44, Kees Cook wrote: >> When building with both CONFIG_HIBERNATION and CONFIG_RANDOMIZE_BASE, >> one or the other must be chosen at boot-time. Until now, hibernation >> was selected when no choice was made on the

Re: [PATCH] Prefer kASLR over Hibernation

2016-04-11 Thread James Morse
Hi Kees, On 06/04/16 20:44, Kees Cook wrote: > When building with both CONFIG_HIBERNATION and CONFIG_RANDOMIZE_BASE, > one or the other must be chosen at boot-time. Until now, hibernation > was selected when no choice was made on the command line. > > To make the security benefits of kASLR more

Re: [PATCH] Prefer kASLR over Hibernation

2016-04-06 Thread Ingo Molnar
* Rafael J. Wysocki wrote: > [...] > > One of the weak points is the final jump, because it has to be done to the > physical location of the image kernel's entry point even though the virtual > addresses of it may differ between the boot and the image kernels. The seed > is > not needed

Re: [PATCH] Prefer kASLR over Hibernation

2016-04-06 Thread Ingo Molnar
* Kees Cook wrote: > >> I don't think this is a good idea, as it turns off emergency hibernation > >> of > >> laptops - many desktop distros support it by default. > > > > Right, I forgot about this one. > > When I last checked Ubuntu doesn't enable hibernation by default any more: >

Re: [PATCH] Prefer kASLR over Hibernation

2016-04-06 Thread Paul Bolle
On wo, 2016-04-06 at 15:16 -0700, Kees Cook wrote: > And it seems like Fedora either doesn't either, or has a lot of people > for whom it doesn't work: > https://bugzilla.redhat.com/show_bug.cgi?id=1206936 > https://bugzilla.redhat.com/show_bug.cgi?id=1224151 >

Re: [PATCH] Prefer kASLR over Hibernation

2016-04-06 Thread Rafael J. Wysocki
On Wed, Apr 6, 2016 at 11:52 PM, Ingo Molnar wrote: > > * Ingo Molnar wrote: > >> >> * Kees Cook wrote: >> >> > On Wed, Apr 6, 2016 at 1:56 PM, Linus Torvalds >> > wrote: >> > > On Wed, Apr 6, 2016 at 1:17 PM, Pavel Machek wrote: >> > >> >> > >> Why is kASLR incompatible with hibernation? We

Re: [PATCH] Prefer kASLR over Hibernation

2016-04-06 Thread Kees Cook
On Wed, Apr 6, 2016 at 3:04 PM, Rafael J. Wysocki wrote: > On Wed, Apr 6, 2016 at 11:56 PM, Ingo Molnar wrote: >> >> * Rafael J. Wysocki wrote: >> >>> On Wed, Apr 6, 2016 at 9:44 PM, Kees Cook wrote: >>> > When building with both CONFIG_HIBERNATION and CONFIG_RANDOMIZE_BASE, >>> > one or the

Re: [PATCH] Prefer kASLR over Hibernation

2016-04-06 Thread Rafael J. Wysocki
On Wed, Apr 6, 2016 at 11:56 PM, Ingo Molnar wrote: > > * Rafael J. Wysocki wrote: > >> On Wed, Apr 6, 2016 at 9:44 PM, Kees Cook wrote: >> > When building with both CONFIG_HIBERNATION and CONFIG_RANDOMIZE_BASE, >> > one or the other must be chosen at boot-time. Until now, hibernation >> > was

Re: [PATCH] Prefer kASLR over Hibernation

2016-04-06 Thread Ingo Molnar
* Rafael J. Wysocki wrote: > On Wed, Apr 6, 2016 at 9:44 PM, Kees Cook wrote: > > When building with both CONFIG_HIBERNATION and CONFIG_RANDOMIZE_BASE, > > one or the other must be chosen at boot-time. Until now, hibernation > > was selected when no choice was made on the command line. > > > >

Re: [PATCH] Prefer kASLR over Hibernation

2016-04-06 Thread Ingo Molnar
* Ingo Molnar wrote: > > * Kees Cook wrote: > > > On Wed, Apr 6, 2016 at 1:56 PM, Linus Torvalds > > wrote: > > > On Wed, Apr 6, 2016 at 1:17 PM, Pavel Machek wrote: > > >> > > >> Why is kASLR incompatible with hibernation? We can hibernate have > > >> 4.3 kernel resume hibernation image

Re: [PATCH] Prefer kASLR over Hibernation

2016-04-06 Thread Rafael J. Wysocki
On Wed, Apr 6, 2016 at 9:44 PM, Kees Cook wrote: > When building with both CONFIG_HIBERNATION and CONFIG_RANDOMIZE_BASE, > one or the other must be chosen at boot-time. Until now, hibernation > was selected when no choice was made on the command line. > > To make the security benefits of kASLR

Re: [PATCH] Prefer kASLR over Hibernation

2016-04-06 Thread Ingo Molnar
* Kees Cook wrote: > On Wed, Apr 6, 2016 at 1:56 PM, Linus Torvalds > wrote: > > On Wed, Apr 6, 2016 at 1:17 PM, Pavel Machek wrote: > >> > >> Why is kASLR incompatible with hibernation? We can hibernate have > >> 4.3 kernel resume hibernation image of 4.2 kernel (on x86-64, and I > >> have

Re: [PATCH] Prefer kASLR over Hibernation

2016-04-06 Thread Kees Cook
On Wed, Apr 6, 2016 at 1:56 PM, Linus Torvalds wrote: > On Wed, Apr 6, 2016 at 1:17 PM, Pavel Machek wrote: >> >> Why is kASLR incompatible with hibernation? We can hibernate have >> 4.3 kernel resume hibernation image of 4.2 kernel (on x86-64, and I >> have patches for x86). Resuming kernel

Re: [PATCH] Prefer kASLR over Hibernation

2016-04-06 Thread Linus Torvalds
On Wed, Apr 6, 2016 at 1:17 PM, Pavel Machek wrote: > > Why is kASLR incompatible with hibernation? We can hibernate have > 4.3 kernel resume hibernation image of 4.2 kernel (on x86-64, and I > have patches for x86). Resuming kernel with different randomization > does not look that much

Re: [PATCH] Prefer kASLR over Hibernation

2016-04-06 Thread Pavel Machek
Hi! > When building with both CONFIG_HIBERNATION and CONFIG_RANDOMIZE_BASE, > one or the other must be chosen at boot-time. Until now, hibernation > was selected when no choice was made on the command line. > > To make the security benefits of kASLR more widely available to end > users (since

[PATCH] Prefer kASLR over Hibernation

2016-04-06 Thread Kees Cook
When building with both CONFIG_HIBERNATION and CONFIG_RANDOMIZE_BASE, one or the other must be chosen at boot-time. Until now, hibernation was selected when no choice was made on the command line. To make the security benefits of kASLR more widely available to end users (since the use of
