On Thu, Apr 7, 2016 at 2:14 PM, Jesper Dangaard Brouer
wrote:
>
> On Wed, 6 Apr 2016 14:45:30 -0700 Kees Cook wrote:
>
>> On Wed, Apr 6, 2016 at 12:35 PM, Thomas Garnier wrote:
> [...]
>> > re-used on slab creation for performance.
On Thu, Apr 7, 2016 at 2:14 PM, Jesper Dangaard Brouer
wrote:
>
> On Wed, 6 Apr 2016 14:45:30 -0700 Kees Cook wrote:
>
>> On Wed, Apr 6, 2016 at 12:35 PM, Thomas Garnier wrote:
> [...]
>> > re-used on slab creation for performance.
>>
>> I'd like to see some benchmark results for this so the
On Wed, 6 Apr 2016 14:45:30 -0700 Kees Cook wrote:
> On Wed, Apr 6, 2016 at 12:35 PM, Thomas Garnier wrote:
[...]
> > re-used on slab creation for performance.
>
> I'd like to see some benchmark results for this so the Kconfig can
> include the
On Wed, 6 Apr 2016 14:45:30 -0700 Kees Cook wrote:
> On Wed, Apr 6, 2016 at 12:35 PM, Thomas Garnier wrote:
[...]
> > re-used on slab creation for performance.
>
> I'd like to see some benchmark results for this so the Kconfig can
> include the performance characteristics. I recommend using
That's a use after free. The randomization of the freelist should not
have much effect on that. I was going to quote this exploit that is
applicable to SLAB as well:
https://jon.oberheide.org/blog/2010/09/10/linux-kernel-can-slub-overflow
Regards.
Thomas
On Thu, Apr 7, 2016 at 9:17 AM,
That's a use after free. The randomization of the freelist should not
have much effect on that. I was going to quote this exploit that is
applicable to SLAB as well:
https://jon.oberheide.org/blog/2010/09/10/linux-kernel-can-slub-overflow
Regards.
Thomas
On Thu, Apr 7, 2016 at 9:17 AM,
On mer., 2016-04-06 at 14:45 -0700, Kees Cook wrote:
> > This security feature reduces the predictability of
> > the kernel slab allocator against heap overflows.
>
> I would add "... rendering attacks much less stable." And if you can
> find a specific example exploit that is foiled by this, I
On mer., 2016-04-06 at 14:45 -0700, Kees Cook wrote:
> > This security feature reduces the predictability of
> > the kernel slab allocator against heap overflows.
>
> I would add "... rendering attacks much less stable." And if you can
> find a specific example exploit that is foiled by this, I
Thanks for the feedback Kees. I am preparing another RFC version.
For the config, I plan on creating an equivalent option for SLUB. Both
can benefit from randomizing their freelist order.
Thomas
On Wed, Apr 6, 2016 at 2:45 PM Kees Cook wrote:
>
> On Wed, Apr 6, 2016 at
Thanks for the feedback Kees. I am preparing another RFC version.
For the config, I plan on creating an equivalent option for SLUB. Both
can benefit from randomizing their freelist order.
Thomas
On Wed, Apr 6, 2016 at 2:45 PM Kees Cook wrote:
>
> On Wed, Apr 6, 2016 at 12:35 PM, Thomas Garnier
On Wed, Apr 6, 2016 at 12:35 PM, Thomas Garnier wrote:
> Provide an optional config (CONFIG_FREELIST_RANDOM) to randomize the
> SLAB freelist.
It may be useful to describe _how_ it randomizes it (i.e. a high-level
description of what needed changing).
> This security
On Wed, Apr 6, 2016 at 12:35 PM, Thomas Garnier wrote:
> Provide an optional config (CONFIG_FREELIST_RANDOM) to randomize the
> SLAB freelist.
It may be useful to describe _how_ it randomizes it (i.e. a high-level
description of what needed changing).
> This security feature reduces the
Yes, sorry about that. It will be in the next RFC or PATCH.
On Wed, Apr 6, 2016 at 1:54 PM, Greg KH wrote:
> On Wed, Apr 06, 2016 at 12:35:48PM -0700, Thomas Garnier wrote:
>> Provide an optional config (CONFIG_FREELIST_RANDOM) to randomize the
>> SLAB freelist. This
Yes, sorry about that. It will be in the next RFC or PATCH.
On Wed, Apr 6, 2016 at 1:54 PM, Greg KH wrote:
> On Wed, Apr 06, 2016 at 12:35:48PM -0700, Thomas Garnier wrote:
>> Provide an optional config (CONFIG_FREELIST_RANDOM) to randomize the
>> SLAB freelist. This security feature reduces the
On Wed, Apr 06, 2016 at 12:35:48PM -0700, Thomas Garnier wrote:
> Provide an optional config (CONFIG_FREELIST_RANDOM) to randomize the
> SLAB freelist. This security feature reduces the predictability of
> the kernel slab allocator against heap overflows.
>
> Randomized lists are pre-computed
On Wed, Apr 06, 2016 at 12:35:48PM -0700, Thomas Garnier wrote:
> Provide an optional config (CONFIG_FREELIST_RANDOM) to randomize the
> SLAB freelist. This security feature reduces the predictability of
> the kernel slab allocator against heap overflows.
>
> Randomized lists are pre-computed
Provide an optional config (CONFIG_FREELIST_RANDOM) to randomize the
SLAB freelist. This security feature reduces the predictability of
the kernel slab allocator against heap overflows.
Randomized lists are pre-computed using a Fisher-Yates shuffle and
re-used on slab creation for performance.
Provide an optional config (CONFIG_FREELIST_RANDOM) to randomize the
SLAB freelist. This security feature reduces the predictability of
the kernel slab allocator against heap overflows.
Randomized lists are pre-computed using a Fisher-Yates shuffle and
re-used on slab creation for performance.
18 matches
Mail list logo