Re: [PATCH] Make /proc/slabinfo 0400

On Fri, Mar 4, 2011 at 10:37 PM, Dan Rosenberg <drosenberg@xxxxxxxxxxxxx> wrote:
> This patch makes these techniques more difficult by making it hard to
> know whether the last attacker-allocated object resides before a free or
> allocated object.  Especially with vulnerabilities that only allow one
> attempt at exploitation before recovery is needed to avoid trashing too
> much heap state and causing a crash, this could go a long way.  I'd
> still argue in favor of removing the ability to know how many objects
> are used in a given slab, since randomizing objects doesn't help if you
> know every object is allocated.

So if the attacker knows every object is allocated, how does that help
if we're randomizing the initial freelist?
