Re: [PATCH v4 0/10] split ET_DYN ASLR from mmap ASLR

[PATCH v4 0/10] split ET_DYN ASLR from mmap ASLR · Kees Cook <hidden> · 2015-03-04
[PATCH v4 01/10] arm: factor out mmap ASLR into mmap_rnd · Kees Cook <hidden> · 2015-03-04
[PATCH v4 03/10] arm64: standardize mmap_rnd() usage · Kees Cook <hidden> · 2015-03-04
Re: [PATCH v4 03/10] arm64: standardize mmap_rnd() usage · Will Deacon <hidden> · 2015-03-17
Re: [PATCH v4 03/10] arm64: standardize mmap_rnd() usage · Kees Cook <hidden> · 2015-03-17
[PATCH v4 04/10] mips: extract logic for mmap_rnd() · Kees Cook <hidden> · 2015-03-04
[PATCH v4 05/10] powerpc: standardize mmap_rnd() usage · Kees Cook <hidden> · 2015-03-04
[PATCH v4 06/10] s390: standardize mmap_rnd() usage · Kees Cook <hidden> · 2015-03-04
Re: [PATCH v4 06/10] s390: standardize mmap_rnd() usage · Martin Schwidefsky <hidden> · 2015-03-09
[PATCH v4 07/10] mm: expose arch_mmap_rnd when available · Kees Cook <hidden> · 2015-03-04
[PATCH v4 08/10] s390: redefine randomize_et_dyn for ELF_ET_DYN_BASE · Kees Cook <hidden> · 2015-03-04
Re: [PATCH v4 08/10] s390: redefine randomize_et_dyn for ELF_ET_DYN_BASE · Martin Schwidefsky <hidden> · 2015-03-09
[PATCH v4 09/10] mm: split ET_DYN ASLR from mmap ASLR · Kees Cook <hidden> · 2015-03-04
[PATCH v4 10/10] mm: fold arch_randomize_brk into ARCH_HAS_ELF_RANDOMIZE · Kees Cook <hidden> · 2015-03-04
[PATCH v4 02/10] x86: standardize mmap_rnd() usage · Kees Cook <hidden> · 2015-03-04
Re: [PATCH v4 0/10] split ET_DYN ASLR from mmap ASLR · Ingo Molnar <mingo@kernel.org> · 2015-03-04
Re: [PATCH v4 0/10] split ET_DYN ASLR from mmap ASLR · Kees Cook <hidden> · 2015-03-04

From: Kees Cook <hidden>
Date: 2015-03-04 21:58:14
Also in: linux-arm-kernel, linux-fsdevel, linuxppc-dev, lkml

On Wed, Mar 4, 2015 at 1:54 PM, Ingo Molnar [off-list ref] wrote:

* Kees Cook [off-list ref] wrote:

quoted

To address the "offset2lib" ASLR weakness[1], this separates ET_DYN
ASLR from mmap ASLR, as already done on s390. The architectures
that are already randomizing mmap (arm, arm64, mips, powerpc, s390,
and x86), have their various forms of arch_mmap_rnd() made available
via the new CONFIG_ARCH_HAS_ELF_RANDOMIZE. For these architectures,
arch_randomize_brk() is collapsed as well.

This is an alternative to the solutions in:
https://lkml.org/lkml/2015/2/23/442

I've been able to test x86 and arm, and the buildbot (so far) seems
happy with building the rest.

Ok, this looks really good - for all patches:

   Reviewed-by: Ingo Molnar [off-list ref]

Great! Thanks for the suggestions and reviews. :)

-Kees

-- 
Kees Cook
Chrome OS Security

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help