* Rusty Russell <rusty@xxxxxxxxxxxxxxx> wrote: > Thanks, I looked at the exec-shield patch. It has some rough > edges (at least the 2.6.16 version I found). the most recent one is always in the Fedora rawhide kernel RPM/SRPM. (that means it closely tracks upstream.) > Gerd's is basically a minimal subset of the exec-shield: we > can go further towards exec-shield by using get_unmapped_area for the > vsyscall page rather than nailing it above the stack, but it takes us > from a 280-line patch to a 480-line patch. certainly looks good to me! What are the changes you did to the exec-shield implementation of vdso randomization? The patch seems largely identical to the one in exec-shield. (and it would be nice to do this on x86_64 too - exploits already exist using the fixmapped VDSO there as a trampoline.) Signed-off-by: Ingo Molnar <mingo@xxxxxxx> Ingo
