Thread: 39 messages, 10 authors, 2018-04-03

Re: [RFC PATCH v2 0/2] Randomization of address chosen by mmap.

From: Ilya Smith <hidden>
Date: 2018-03-23 17:25:15
Also in: linux-alpha, linux-mips, linux-mm, linux-s390, linux-sh, lkml, sparclinux

Hello, Andrew

Thanks for reading this patch.

> On 22 Mar 2018, at 23:57, Andrew Morton [off-list ref] wrote:
>
> On Thu, 22 Mar 2018 19:36:36 +0300 Ilya Smith [off-list ref] wrote:
>
>> Current implementation doesn't randomize address returned by mmap.
>> All the entropy ends with choosing mmap_base_addr at the process
>> creation. After that mmap builds very predictable layout of address
>> space. It allows to bypass ASLR in many cases.
>
> Perhaps some more effort on the problem description would help.  *Are*
> people predicting layouts at present?  What problems does this cause?
> How are they doing this and are there other approaches to solving the
> problem?

Sorry, I’ve lost it in the first version. In short - memory layout could be easily
repaired by a single leakage. Also any Out of Bounds error may easily be
exploited according to the current implementation. All because mmap chooses an address
just before the previously allocated segment. You can read more about it here:
http://www.openwall.com/lists/oss-security/2018/02/27/5
Some tests are available here: https://github.com/blackzert/aslur.
To solve the problem the kernel should randomize the address on any mmap so
an attacker could never easily gain the needed addresses.

> Mainly: what value does this patchset have to our users?  This reader
> is unable to determine that from the information which you have
> provided.  Full details, please.

The value of this patch is to decrease the success rate of exploitation
of vulnerable applications. These could be either remote or local vectors.
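
The placement behaviour described in the message above (each new mapping landing directly next to the previous one) can be measured with a short program. This is an added example, not part of the original e-mail or of the aslur tests; the mapping count and size are arbitrary choices, and it assumes a 64-bit Linux system with glibc.

```c
#define _DEFAULT_SOURCE            /* exposes MAP_ANONYMOUS in glibc */
#include <inttypes.h>
#include <stdio.h>
#include <sys/mman.h>

#define N_MAPS  8                  /* number of mappings sampled (arbitrary) */
#define MAP_LEN (1UL << 20)        /* 1 MiB each (arbitrary) */

/* Count consecutive pairs whose start addresses differ by exactly len,
 * i.e. the later mapping sits directly below or above the earlier one. */
static int count_adjacent(const uintptr_t *addr, int n, size_t len)
{
    int adjacent = 0;
    for (int i = 1; i < n; i++) {
        uintptr_t hi = addr[i] > addr[i - 1] ? addr[i] : addr[i - 1];
        uintptr_t lo = addr[i] > addr[i - 1] ? addr[i - 1] : addr[i];
        if (hi - lo == len)
            adjacent++;
    }
    return adjacent;
}

/* Request n anonymous private mappings with no address hint and record
 * where the kernel placed each one. Returns the number that succeeded. */
static int sample_layout(uintptr_t *addr, int n, size_t len)
{
    int got = 0;
    while (got < n) {
        void *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                       MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
        if (p == MAP_FAILED)
            break;
        addr[got++] = (uintptr_t)p;
    }
    return got;
}

int main(void)
{
    uintptr_t addr[N_MAPS];
    int n = sample_layout(addr, N_MAPS, MAP_LEN);

    for (int i = 0; i < n; i++)
        printf("map %d at 0x%" PRIxPTR "  delta %" PRIdPTR "\n", i, addr[i],
               i ? (intptr_t)(addr[i] - addr[i - 1]) : (intptr_t)0);
    printf("%d of %d consecutive pairs adjacent\n",
           count_adjacent(addr, n, MAP_LEN), n > 0 ? n - 1 : 0);
    return 0;
}
```

Running it across several process launches shows whether only the starting point moves between runs while the deltas between mappings stay constant, which is the property the patch set aims to change.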