* Roland McGrath <roland@xxxxxxxxxx> wrote: > I hope to manage to cajole Ingo into either upstreaming or punting that one > thing, the different arch_get_unmapped_area algorithm used for PROT_EXEC > mappings. I can't tell if it's actually of any use when we're not using the > segmentation hack or not. If it is, some version of it belongs upstream. Even not considering the segmentation based protection, it's useful (on 32-bit) because it compresses executable mappings into an address space region where all 32-bit addresses have a zero byte in them. This adds one more complication to exploits - for example ASCII string overflow based exploits (which cannot have a end-of-string zero byte in them) will have to work harder to generate an address into that address range. (Some may even be prevented altogether - although it's usually rather hard to disprove the exploitability of overflow bugs.) But upstream mm/ maintainers expressed a thundering disinterest in these kinds of changes, and the segmentation based trick was explicitly nak-ed IIRC. Thanks, Ingo _______________________________________________ kernel mailing list kernel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/kernel
