[PATCH] Gerd Hoffman's move-vsyscall-into-user-address-range patch

Jakub Jelinek wrote:
>
> That's a known bug in early glibcs shortly after adding vDSO support.
> The vDSO support has been added in May 2003 to CVS glibc (i.e. post glibc
> 2.3.2) and the problems have been fixed when they were discovered, in
> February 2004:
> http://sources.redhat.com/ml/libc-hacker/2004-02/msg00053.html
> http://sources.redhat.com/ml/libc-hacker/2004-02/msg00059.html
>
> I strongly believe we want randomized vDSOs, people are already abusing the
> fix mapped vDSO for attacks, and I think the unfortunate 10 months of broken
> glibc shouldn't stop that forever.  Anyone using such glibc can still use
> vdso=0, or do that just once and upgrade to somewhat more recent glibc.
>   

While I'm now inclined to agree with randomization, I think the default 
should be off.  You can quite easily "echo 1 > 
/proc/sys/kernel/vdso_randomization" in the RC scripts, which allows you 
to maintain compatibility for everyone and get randomization turned on 
early enough to thwart attacks against any vulnerable daemons.

Zach
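
One way to check on a running system whether the vDSO is mapped at a fixed address or moves between processes, added here as an example and not part of the original message or of any patch in this thread. The function names are hypothetical, and the check only reads the `[vdso]` line of `/proc/self/maps`; it does not depend on the sysctl name proposed above.

```shell
#!/bin/sh
# Added example: report whether the [vdso] mapping moves between fresh processes.

# Print the start address of the [vdso] mapping.
# Reads maps-format text from the file given as $1, or from stdin if none.
vdso_base() {
    awk '$NF == "[vdso]" { split($1, r, "-"); print r[1]; exit }' "$@"
}

# Read one base address per line on stdin and print a verdict:
#   no-vdso     no [vdso] mapping was seen (e.g. booted with vdso=0)
#   fixed       every sampled process had the same base address
#   randomized  at least two different base addresses were seen
vdso_verdict() {
    sort -u | awk 'NF { n++ } END {
        if (n == 0)      print "no-vdso"
        else if (n == 1) print "fixed"
        else             print "randomized"
    }'
}

# Sample N fresh processes (default 8) on the live system.
# awk opens /proc/self/maps itself after exec, so the mapping read is that
# of the new process image, not the calling shell's.
sample_live() {
    i=0
    while [ "$i" -lt "${1:-8}" ]; do
        vdso_base /proc/self/maps
        i=$((i + 1))
    done
}

# Run as: sh script.sh live [N]
if [ "${1:-}" = "live" ]; then
    sample_live "${2:-8}" | vdso_verdict
fi
```

A result of `fixed` on a host that runs network-facing daemons means the vDSO address is predictable for every process started there.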
