* Roland McGrath <[email protected]> wrote:
> I hope to manage to cajole Ingo into either upstreaming or punting that one
> thing, the different arch_get_unmapped_area algorithm used for PROT_EXEC
> mappings. I can't tell if it's actually of any use when we're not using the
> segmentation hack or not. If it is, some version of it belongs upstream.
Even not considering the segmentation based protection, it's useful (on
32-bit) because it compresses executable mappings into an address space region
where all 32-bit addresses have a zero byte in them.
This adds one more complication to exploits - for example ASCII string
overflow based exploits (which cannot have a end-of-string zero byte in them)
will have to work harder to generate an address into that address range. (Some
may even be prevented altogether - although it's usually rather hard to
disprove the exploitability of overflow bugs.)
But upstream mm/ maintainers expressed a thundering disinterest in these kinds
of changes, and the segmentation based trick was explicitly nak-ed IIRC.
Thanks,
Ingo
_______________________________________________
kernel mailing list
[email protected]
https://admin.fedoraproject.org/mailman/listinfo/kernel
