On Thu, 2011-03-03 at 17:08 -0600, Matt Mackall wrote: > > I appreciate your input on this, you've made very reasonable points. > > I'm just not convinced that those few real users are being substantially > > inconvenienced, even if there's only a small benefit for the larger > > population of users who are at risk for attacks. Perhaps others could > > contribute their opinions to the discussion. Kees Cook was nice enough to point out a few of the ways this can get misused. It looks like the basic pattern is to use slabinfo to determine where an object was likely to have been allocated in the slab in order to more precisely target the next stage of the attack. I do see how much easier slabinfo makes this. Do any of the attacks that we know about rely on anything _but_ trying to figure out when a slab page got consumed? If I were an attacker, I'd probably just start watching /proc/meminfo for when Slab/SReclaimable/SUnreclaim get bumped. That'll also give me a pretty good indicator of where my object is in the slab. Granted, doing that still puts one more level of opaqueness in the way. slabinfo definitely makes it more straightforward. -- Dave -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@xxxxxxxxxx For more info on Linux MM, see: http://www.linux-mm.org/ . Fight unfair telecom internet charges in Canada: sign http://stopthemeter.ca/ Don't email: <a href=mailto:"dont@xxxxxxxxx";> email@xxxxxxxxx </a>