Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S964930Ab0GPJ7p (ORCPT ); Fri, 16 Jul 2010 05:59:45 -0400 Received: from fanny.its.uu.se ([130.238.4.241]:56973 "EHLO fanny.its.uu.se" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S964895Ab0GPJ7o (ORCPT ); Fri, 16 Jul 2010 05:59:44 -0400 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <19520.11654.346814.433232@pilspetsen.it.uu.se> Date: Fri, 16 Jul 2010 11:59:34 +0200 From: Mikael Pettersson To: Xianghua Xiao Cc: linux-kernel@vger.kernel.org Subject: Re: anonymous mmap() and random heap allocation In-Reply-To: References: X-Mailer: VM 7.17 under Emacs 20.7.1 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 993 Lines: 23 Xianghua Xiao writes: > It seems mmap() can not do random allocation for malloc()/heap on > Linux, anyone used pax's 'mmap randonness' option for that? what's the > price for that? > > I want to port openbsd's malloc() to linux to avoid heap > crashes(overrun/underrun), openbsd's malloc() can do random allocation > for security reasons, meanwhile it helps to avoid some > overrun/underrun crashes with no extra cost, the latter is what I'm > looking for. You can implement this in user-space with existing kernel features. 1: place guard pages around mmap():ed data 2: parse /proc/self/maps and mmap(MAP_FIXED) 3: use a "safe" compiler or a dynamic binary instrumenter 4: use x86 segments (ugh!) 5: use a safe programming language ... -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/