Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753041Ab3JBFgf (ORCPT ); Wed, 2 Oct 2013 01:36:35 -0400 Received: from mail-ie0-f175.google.com ([209.85.223.175]:43410 "EHLO mail-ie0-f175.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751977Ab3JBFgc (ORCPT ); Wed, 2 Oct 2013 01:36:32 -0400 MIME-Version: 1.0 In-Reply-To: <524BAF92.1090705@zytor.com> References: <1380656245-29975-1-git-send-email-keescook@chromium.org> <20131002050714.GA27982@gmail.com> <20131002052531.GA31122@gmail.com> <524BAF92.1090705@zytor.com> Date: Tue, 1 Oct 2013 22:36:31 -0700 X-Google-Sender-Auth: E4g4Gn2ttJcysky3u5oUHqgX1wo Message-ID: Subject: Re: [PATCH v6 0/7] Kernel base address randomization From: Kees Cook To: "H. Peter Anvin" Cc: Ingo Molnar , LKML , "x86@kernel.org" , "kernel-hardening@lists.openwall.com" , Aaron Durbin , Eric Northup , Julien Tinnes , Will Drewry , Mathias Krause , Zhang Yanfei , Linus Torvalds , Andrew Morton , Arnaldo Carvalho de Melo , Peter Zijlstra , Thomas Gleixner Content-Type: text/plain; charset=ISO-8859-1 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1567 Lines: 38 On Tue, Oct 1, 2013 at 10:30 PM, H. Peter Anvin wrote: > On 10/01/2013 10:25 PM, Ingo Molnar wrote: >> >> I mean, for example in an oops message we print data in words: the RIP, >> other registers and stack contents. If any of these values lies within the >> randomization range then we could de-randomize it. >> >> So instead of exposing randomized values, we could expose de-randomized >> values. >> >> ( This isn't fool-proof: if some data value happens to lie within the >> random range spuriously then we'll incorrectly transform it. In the >> context of oops messages this should not be a big practical problem >> though. ) >> > > I don't agree that this isn't a big practical problem. I often find it > necessary to pick out "things that look like pointers". Overall, > derandomization would make it possible to get really confused when you > have things like half a pointer overwritten. I think reflecting the reality of the system is the correct way to go. Attempting to do the derandomization on the live system seems extremely fragile. It's much cleaner to have a "true" view of the running system and work from there. I don't want to have to wonder if my kernel is lying to me about where things are in memory any more than it already does. :) -Kees -- Kees Cook Chrome OS Security -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/