On Tue, Oct 1, 2013 at 10:30 PM, H. Peter Anvin <h...@zytor.com> wrote: > On 10/01/2013 10:25 PM, Ingo Molnar wrote: >> >> I mean, for example in an oops message we print data in words: the RIP, >> other registers and stack contents. If any of these values lies within the >> randomization range then we could de-randomize it. >> >> So instead of exposing randomized values, we could expose de-randomized >> values. >> >> ( This isn't fool-proof: if some data value happens to lie within the >> random range spuriously then we'll incorrectly transform it. In the >> context of oops messages this should not be a big practical problem >> though. ) >> > > I don't agree that this isn't a big practical problem. I often find it > necessary to pick out "things that look like pointers". Overall, > derandomization would make it possible to get really confused when you > have things like half a pointer overwritten.
I think reflecting the reality of the system is the correct way to go. Attempting to do the derandomization on the live system seems extremely fragile. It's much cleaner to have a "true" view of the running system and work from there. I don't want to have to wonder if my kernel is lying to me about where things are in memory any more than it already does. :) -Kees -- Kees Cook Chrome OS Security -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
