On Sunday 27 February 2011 17:20:25 Pavel Labushev wrote: > 27.02.2011 22:32, "Tóth Attila" пишет: > http://grsecurity.net/pipermail/grsecurity/2010-April/001024.html - from here:
So if I understand pageexec's mail correctly, using a 32-bit hardened domU- kernel is more performant than the 64-variant when using UDEREF? What happens when I use a 64-bit hardened dom0-kernel on Xen underneath (since the machine has more than 4 GB RAM, each VM won't get that much)? Is the gain of security in this case worth the loss of randomization for ASLR? Thank you
