[PATCH] exec-shield style vdso move.

* Andi Kleen <ak@xxxxxxx> wrote:

> The security argument seems quite bogus to me for this because you'll 
> never find enough bits to be reasonably secure in the limited 32bit 
> space.

I'm surprised to still see this old (and dangerously misleading) 
argument. Even the current limited amount of randomization on i386 is 
pretty powerful against certain classes of worms and automated attacks.

[ randomization on 64-bit would probably be useful against local
  attacks too - if we started doing it! But ASLR on x86_64 is in an even 
  poorer shape than on i386, which is certainly not due to our lack of 
  trying: see all those rejected patches of x86_64 heap randomization...
  But you don't have to believe me - check the exploit templates that 
  make use of the VDSO page on x86_64. ]

	Ingo
