Date:      Mon, 2 Apr 2012 12:37:38 -0700
From:      Peter Wemm <peter@wemm.org>
To:        Richard Yao <ryao@cs.stonybrook.edu>
Cc:        freebsd-stable@freebsd.org
Subject:   Re: Text relocations in kernel modules
Message-ID:  <CAGE5yCrz45AWeJGv=2UWRq7xpXZVtvsx%2B5O6cvaE6ZzoFrz5mA@mail.gmail.com>
In-Reply-To: <4F79FCB8.1090003@cs.stonybrook.edu>
References:  <4F75E404.8000104@cs.stonybrook.edu> <4F75EF86.6090909@cs.stonybrook.edu> <20120330190713.GG2358@deviant.kiev.zoral.com.ua> <4F760C9E.6060405@cs.stonybrook.edu> <20120330194649.GH2358@deviant.kiev.zoral.com.ua> <4F761371.7020606@cs.stonybrook.edu> <20120330203605.GI2358@deviant.kiev.zoral.com.ua> <4F76350F.8000708@cs.stonybrook.edu> <20120330224631.GJ2358@deviant.kiev.zoral.com.ua> <4F7637F3.2060502@cs.stonybrook.edu> <CAGE5yCpuvsVrc-%2BDTVas-W4fjuP2s%2B6PQONMOTyEbGnj2CY3ig@mail.gmail.com> <4F766F29.2030803@cs.stonybrook.edu> <CAFHbX1KiZx68MP4bCAvPc0Zui3fA4O35_z3kP781zoJqLYp7Bw@mail.gmail.com> <4F79D88B.3040102@cs.stonybrook.edu> <CAFHbX1KE15G9gx7Duw2R8zC5jL1jiEir0yMB0-s5%2B4xx517WtQ@mail.gmail.com> <4F79E27E.3000509@cs.stonybrook.edu> <CAGE5yCrwLosuTT2yq0DEx%2Bz8ztKpkrB=tORmURcuh_SCz=L7qg@mail.gmail.com> <4F79FCB8.1090003@cs.stonybrook.edu>

On Mon, Apr 2, 2012 at 12:23 PM, Richard Yao <ryao@cs.stonybrook.edu> wrote:
> On 04/02/12 14:46, Peter Wemm wrote:
>> Remember.. ASLR is a userland thing. .ko files, which is what this
>> thread is about, already use random address layout. When you do a
>> "kldload virtio.ko", you have no way to predict what address it will
>> be loaded at. And you don't even have access to the addresses.
>>
>> Of course if you want to talk about ASLR and userland .so files then
>> that's an entirely different thing. But this thread is about your
>> tools finding DT_TEXTREL in a .ko kernel file, not userland .so files.
>>
>
> The PaX project's patches to the Linux kernel include kernel stack
> randomization. The Gentoo Hardened project makes use of this in their
> fork of the Linux kernel.
>

I looked at their code, and their description here:
http://pax.grsecurity.net/docs/randkstack.txt

Of note:
"pax_randomize_kstack() gathers entropy from the rdtsc instruction
(read time stamp counter) and applies it to bits 2-6 of the kernel
stack pointer. This means that 5 bits are randomized providing a
maximum shift of 128 bytes - this was deemed safe enough to not cause
kernel stack overflows  yet give enough randomness to deter
guessing/brute forcing attempts."

This has nothing to do with the DT_TEXTREL in .ko that this thread is
about and has no bearing on ASLR in any way.
-- 
Peter Wemm - peter@wemm.org; peter@FreeBSD.org; peter@yahoo-inc.com; KI6FJV
"All of this is for nothing if we don't go to the stars" - JMS/B5
"If Java had true garbage collection, most programs would delete
themselves upon execution." -- Robert Sewell
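To make the PaX randkstack excerpt quoted in the message above concrete, the following is an added C illustration; it is not PaX's code, not FreeBSD's, and not anything the posters wrote. It assumes that "applying" the entropy to bits 2-6 means XORing it into the stack pointer, replaces the rdtsc entropy source with a caller-supplied value so the arithmetic is deterministic, and uses a constructed sample stack pointer rather than a real address. Exhausting all 2^5 entropy values shows why the scheme preserves 4-byte alignment, never moves the pointer outside a 128-byte window, and therefore adds only 32 possible positions of uncertainty.

```c
#include <stdint.h>
#include <stdio.h>

/*
 * Added illustration of the kernel-stack randomization described in
 * the PaX randkstack.txt excerpt. Not PaX's or FreeBSD's code.
 * PaX draws entropy from rdtsc; here it is a caller-supplied value.
 * Assumption: the entropy is XORed into bits 2-6 of the pointer.
 */

#define KSTACK_RAND_SHIFT 2   /* lowest randomized bit: bit 2 */
#define KSTACK_RAND_BITS  5   /* bits 2..6, i.e. 5 bits of randomness */
#define KSTACK_RAND_MASK  (((1u << KSTACK_RAND_BITS) - 1) << KSTACK_RAND_SHIFT) /* 0x7c */

/* Perturb a kernel stack pointer with the low 5 bits of `entropy`.
 * Bits 0-1 are never touched, so 4-byte alignment is kept; bits 7 and
 * up are never touched, so the result stays in the same 128-byte
 * window. That bound is the "maximum shift of 128 bytes" in the text. */
uintptr_t randomize_kstack(uintptr_t sp, uint64_t entropy)
{
    return sp ^ (uintptr_t)((entropy << KSTACK_RAND_SHIFT) & KSTACK_RAND_MASK);
}

struct kstack_rand_stats {
    unsigned distinct;       /* different stack pointers produced */
    unsigned max_shift;      /* largest displacement from sp, in bytes */
    int      alignment_kept; /* 1 if bits 0-1 were unchanged for every value */
    int      same_window;    /* 1 if every result stayed in sp's 128-byte block */
};

/* Exhaust all 2^5 entropy values for one starting sp and summarize
 * what the randomization can and cannot do. */
struct kstack_rand_stats kstack_rand_stats(uintptr_t sp)
{
    struct kstack_rand_stats st = { 0, 0, 1, 1 };
    unsigned seen = 0;       /* bitmask of the 32 possible slots */
    unsigned e;

    for (e = 0; e < (1u << KSTACK_RAND_BITS); e++) {
        uintptr_t r = randomize_kstack(sp, e);
        uintptr_t d = r > sp ? r - sp : sp - r;
        unsigned slot = (unsigned)((r & KSTACK_RAND_MASK) >> KSTACK_RAND_SHIFT);

        if (!(seen & (1u << slot))) {
            seen |= 1u << slot;
            st.distinct++;
        }
        if (d > st.max_shift)
            st.max_shift = (unsigned)d;
        if ((r & 3) != (sp & 3))
            st.alignment_kept = 0;
        if ((r & ~(uintptr_t)0x7f) != (sp & ~(uintptr_t)0x7f))
            st.same_window = 0;
    }
    return st;
}

int main(void)
{
    /* Constructed sample stack pointer, not a real kernel address. */
    const uintptr_t sp = (uintptr_t)0xffffffff81a00000ULL;
    struct kstack_rand_stats st = kstack_rand_stats(sp);

    printf("sp=%#lx entropy=0x1f -> %#lx\n", (unsigned long)sp,
           (unsigned long)randomize_kstack(sp, 0x1f));
    printf("distinct=%u max_shift=%u alignment_kept=%d same_window=%d\n",
           st.distinct, st.max_shift, st.alignment_kept, st.same_window);
    return 0;
}
```

The enumeration is the useful part: whatever entropy rdtsc supplies, only 32 stack positions are reachable from a given base, all inside one 128-byte block, which is exactly the trade-off the PaX text describes between not risking a kernel stack overflow and making the stack pointer somewhat harder to guess.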