On Sat, Mar 5, 2011 at 12:10 AM, Pekka Enberg <penberg@xxxxxxxxxx> wrote:
> I can think of four things that will make things harder for the
> attacker (in the order of least theoretical performance impact):
>
> (1) disable slub merging
>
> (2) pin down random objects in the slab during setup (i.e. don't
> allow them to be allocated)
>
> (3) randomize the initial freelist
>
> (4) randomize padding between objects in a slab
>
> AFAICT, all of them will make brute force attacks using the kernel
> heap as an attack vector harder but won't prevent them.

There's also a fifth one:

(5) randomize slab page allocation order

which will make it harder to make sure you have full control over a
slab and figure out which allocation lands on it.

Pekka
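
Item (3) in the quoted list, randomizing the initial freelist, sketched as a user-space simulation. This is an added example, not code from the thread or from the kernel; the slab size, the xorshift32 generator, the seed and all function names are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define OBJS_PER_SLAB 16u /* constructed slab size for the simulation */

/* xorshift32: deterministic stand-in for a kernel RNG so runs are repeatable */
static uint32_t prng_next(uint32_t *s)
{
    uint32_t x = *s;
    x ^= x << 13; x ^= x >> 17; x ^= x << 5;
    return *s = x;
}

/* Allocation order of a fresh slab: NULL seed = sequential (object i is
 * handed out i-th); otherwise Fisher-Yates shuffle of the initial freelist. */
void build_freelist(unsigned *order, unsigned n, uint32_t *seed)
{
    for (unsigned i = 0; i < n; i++)
        order[i] = i;
    if (!seed || n < 2)
        return;
    for (unsigned i = n - 1; i > 0; i--) {
        unsigned j = prng_next(seed) % (i + 1); /* modulo bias ignored here */
        unsigned tmp = order[i];
        order[i] = order[j];
        order[j] = tmp;
    }
}

/* Count consecutive allocations that land on physically adjacent objects,
 * i.e. how predictable "the next allocation sits right after this one" is. */
unsigned adjacent_pairs(const unsigned *order, unsigned n)
{
    unsigned hits = 0;
    for (unsigned i = 0; i + 1 < n; i++)
        hits += (order[i + 1] == order[i] + 1);
    return hits;
}

int main(void)
{
    unsigned seq[OBJS_PER_SLAB], rnd[OBJS_PER_SLAB];
    uint32_t seed = 1; /* constructed seed */
    build_freelist(seq, OBJS_PER_SLAB, NULL);
    build_freelist(rnd, OBJS_PER_SLAB, &seed);
    printf("sequential: %u adjacent pairs\n", adjacent_pairs(seq, OBJS_PER_SLAB));
    printf("randomized: %u adjacent pairs\n", adjacent_pairs(rnd, OBJS_PER_SLAB));
    return 0;
}
```

The shuffle only reorders which object is handed out next; every object is still allocated exactly once, which is why the mail describes these measures as making brute force harder rather than preventing it.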