On Mon, Nov 08, 2010 at 11:23:31PM -0800, Roland McGrath wrote:
> Unless I missed it, you didn't say anything about why this change is
> conditional on CONFIG_X86_32.

Ah, this is related to wanting to not use the ascii-armor ASLR unless nx-emu is being used, and nx-emu is only enabled for CONFIG_X86_32. (Also, 64bit doesn't need ascii-armor ASLR because all of the addresses already have leading null bytes.)

This actually gets back to why I think these two patchsets shouldn't be split: nx-emu without arch_get_unmapped_exec_area() is not very useful (since shared library mmap would raise the CS limit past bss and brk, leaving only stack marked nx), and the ASLR in arch_get_unmapped_exec_area() isn't safe compared to upstream ASLR, so it should only be used when nx-emu is running.

If these are going to stay in separate trees, I think arch_get_unmapped_exec_area() needs to move to nx-emu. The randomization chunks (the calls to randomize_range()) should be in the ASLR half.

-Kees

--
Kees Cook
Ubuntu Security Team
_______________________________________________
kernel mailing list
kernel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/kernel
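
An added example, not part of the original message or of the patchsets it discusses: a simplified C model of the CS-limit argument made above, comparing a library mapped in the default high mmap area with one mapped in the ascii-armor area. The address layouts are constructed, and the model assumes the code segment limit equals the end of the highest executable mapping.

```c
#include <stdint.h>
#include <stdio.h>

/* One mapping [start, end) and whether it was requested executable. */
struct vma { const char *name; uint32_t start, end; int exec; };
/* Constructed 32-bit layout: shared library in the default high mmap area. */
static const struct vma high_libs[] = {
    { "text",  0x08048000u, 0x08050000u, 1 },
    { "bss",   0x08051000u, 0x08052000u, 0 },
    { "brk",   0x08052000u, 0x08073000u, 0 },
    { "libc",  0xb7e00000u, 0xb7f50000u, 1 },
    { "stack", 0xbffdf000u, 0xc0000000u, 0 },
};
/* Same process with the library placed in the ascii-armor area (< 16 MiB). */
static const struct vma armored_libs[] = {
    { "libc",  0x00110000u, 0x00260000u, 1 },
    { "text",  0x08048000u, 0x08050000u, 1 },
    { "bss",   0x08051000u, 0x08052000u, 0 },
    { "brk",   0x08052000u, 0x08073000u, 0 },
    { "stack", 0xbffdf000u, 0xc0000000u, 0 },
};

/* Assumed model: the CS limit must cover the highest executable mapping. */
static uint32_t cs_limit(const struct vma *v, size_t n)
{
    uint32_t limit = 0;
    for (size_t i = 0; i < n; i++)
        if (v[i].exec && v[i].end > limit)
            limit = v[i].end;
    return limit;
}
/* Data mappings that really are non-executable: those at or above the limit. */
static size_t nx_protected(const struct vma *v, size_t n)
{
    uint32_t limit = cs_limit(v, n);
    size_t count = 0;
    for (size_t i = 0; i < n; i++)
        count += (!v[i].exec && v[i].start >= limit);
    return count;
}
/* An ascii-armor address has 0x00 as its most significant byte. */
static int ascii_armored(uint32_t addr) { return (addr >> 24) == 0; }

int main(void)
{
    printf("high libs:    limit=%08x nx areas=%zu\n", (unsigned)cs_limit(high_libs, 5), nx_protected(high_libs, 5));
    printf("armored libs: limit=%08x nx areas=%zu\n", (unsigned)cs_limit(armored_libs, 5), nx_protected(armored_libs, 5));
    return 0;
}
```

In the high-mmap layout only the stack sits above the limit; with the library in the ascii-armor area the limit stays at the end of the program text, so bss, brk and stack are all covered.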