Dailydave mailing list archives
Re: [Full-Disclosure] "Advances in Security" in the Linux Kernel and RedHat idiocy
From: Arjan van de Ven <arjanv () redhat com>
Date: Thu, 27 Jan 2005 18:28:12 +0100
On Thu, Jan 27, 2005 at 11:10:43AM -0500, Brad Spengler wrote:
Just wanted to point out to you guys the INCREDIBLE advances in Linux security underway on LKML from security expert Arjan van de Ven: http://lkml.org/lkml/2005/1/27/62 On the subject of his i386-only mmap randomization patch: The randomisation range is 1 megabyte (this is bigger than the stack randomisation since the stack randomisation only needs 16 bytes alignment while the mmap needs page alignment, a 64kb range would not have given enough entropy to be effective) If we do a little math.. 1048576 / 4096 = 256 65536 / 16 = 4096 256 different locations for the mmap base, 4096 different locations for the stack (and apparently argv/envp pages get no randomization) Anyone with half a brain would see this is a joke, but not security expert Arjan van de Ven:
I think the joke is on you in this case. There is a large patch series of which you judge the first steps only. Those steps introduce the infrastructure and concepts into the kernel, and later patches will tweak the exact numbers to values with more entropy. ONCE THEY EXISTING INFRASTRUCTURE IS ACCEPTED AND DEBUGGED. Maybe you don't understand that, I assume a lot of the other readers of this list do. You don't plop a huge patch in the linux kernel in one chunk. You do it in nice small, incremental and debuggable steps. _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com https://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Re: [Full-Disclosure] "Advances in Security" in the Linux Kernel and RedHat idiocy Arjan van de Ven (Jan 27)
- <Possible follow-ups>
- Re: [Full-Disclosure] "Advances in Security" in the Linux Kernel and RedHat idiocy Brad Spengler (Jan 28)