* Andrew Morton <akpm@xxxxxxxx> wrote: > Zachary Amsden <zach@xxxxxxxxxx> wrote: > > > > Jakub Jelinek wrote: > > > > > > That's known bug in early glibcs short after adding vDSO support. > > > The vDSO support has been added in May 2003 to CVS glibc (i.e. post glibc > > > 2.3.2) and the problems have been fixed when they were discovered, in > > > February 2004: > > > http://sources.redhat.com/ml/libc-hacker/2004-02/msg00053.html > > > http://sources.redhat.com/ml/libc-hacker/2004-02/msg00059.html > > > > > > I strongly believe we want randomized vDSOs, people are already abusing the > > > fix mapped vDSO for attacks, and I think the unfortunate 10 months of broken > > > glibc shouldn't stop that forever. Anyone using such glibc can still use > > > vdso=0, or do that just once and upgrade to somewhat more recent glibc. > > > > > > > While I'm now inclined to agree with randomization, I think the default > > should be off. You can quite easily "echo 1 > > > /proc/sys/kernel/vdso_randomization" in the RC scripts, which allows you > > to maintain compatibility for everyone and get randomization turned on > > early enough to thwart attacks against any vulnerable daemons. > > > > It kinda sucks but yes, that's obviously least-breakage approach. It > does mean that many people won't benefit from (and won't test!) the > new feature though. very much so. Especially for security it's really bad if a feature is default-off. I'm quite strongly against such an approach. > Unless there's some sneaky way of auto-detecting a modern userspace, > perhaps (something which mounts /sys?). i'd rather not overdesign it. And unfortunately there is no good way to autodetect it. > All very sad. is it really a big problem to add "vdso=0" to the long list of requirements you need to run a 2.6 kernel on an old distribution (or to disable CONFIG_VDSO)? FC1 wasnt even 2.6-ready, it used a 2.4 kernel! Ingo
