Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1750984AbWEVQoS (ORCPT ); Mon, 22 May 2006 12:44:18 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1750986AbWEVQoS (ORCPT ); Mon, 22 May 2006 12:44:18 -0400 Received: from mailout1.vmware.com ([65.113.40.130]:46345 "EHLO mailout1.vmware.com") by vger.kernel.org with ESMTP id S1750982AbWEVQoR (ORCPT ); Mon, 22 May 2006 12:44:17 -0400 Message-ID: <4471EA60.8080607@vmware.com> Date: Mon, 22 May 2006 09:44:16 -0700 From: Zachary Amsden User-Agent: Thunderbird 1.5.0.2 (X11/20060420) MIME-Version: 1.0 To: Jakub Jelinek Cc: Andrew Morton , Rusty Russell , mingo@elte.hu, linux-kernel@vger.kernel.org, torvalds@osdl.org, virtualization@lists.osdl.org, kraxel@suse.de Subject: Re: [PATCH] Gerd Hoffman's move-vsyscall-into-user-address-range patch References: <1147759423.5492.102.camel@localhost.localdomain> <20060516064723.GA14121@elte.hu> <1147852189.1749.28.camel@localhost.localdomain> <20060519174303.5fd17d12.akpm@osdl.org> <20060522162949.GG30682@devserv.devel.redhat.com> In-Reply-To: <20060522162949.GG30682@devserv.devel.redhat.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1281 Lines: 27 Jakub Jelinek wrote: > > That's known bug in early glibcs short after adding vDSO support. > The vDSO support has been added in May 2003 to CVS glibc (i.e. post glibc > 2.3.2) and the problems have been fixed when they were discovered, in > February 2004: > http://sources.redhat.com/ml/libc-hacker/2004-02/msg00053.html > http://sources.redhat.com/ml/libc-hacker/2004-02/msg00059.html > > I strongly believe we want randomized vDSOs, people are already abusing the > fix mapped vDSO for attacks, and I think the unfortunate 10 months of broken > glibc shouldn't stop that forever. Anyone using such glibc can still use > vdso=0, or do that just once and upgrade to somewhat more recent glibc. > While I'm now inclined to agree with randomization, I think the default should be off. You can quite easily "echo 1 > /proc/sys/kernel/vdso_randomization" in the RC scripts, which allows you to maintain compatibility for everyone and get randomization turned on early enough to thwart attacks against any vulnerable daemons. Zach - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/