On Tue, Apr 9, 2013 at 11:50 AM, H. Peter Anvin <hpa@xxxxxxxxx> wrote: > On 04/09/2013 11:46 AM, Kees Cook wrote: >> >> Ah-ha! Yes, I see now when comparing the debug/kernel_page_tables >> reports. It's just the High Kernel Mapping that we care about. >> Addresses outside that range are less of a leak. Excellent, then GDT >> may not be a problem. Whew. >> > > It does beg the question if we need to randomize kmalloc... which could > have issues by itself. Agreed, but this should be a separate issue. As is the fact that GDT is writable and a discoverable target. -Kees -- Kees Cook Chrome OS Security _______________________________________________ Virtualization mailing list Virtualization@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linuxfoundation.org/mailman/listinfo/virtualization
