On Wed, Mar 4, 2015 at 1:54 PM, Ingo Molnar <mingo@xxxxxxxxxx> wrote: > > * Kees Cook <keescook@xxxxxxxxxxxx> wrote: > >> To address the "offset2lib" ASLR weakness[1], this separates ET_DYN >> ASLR from mmap ASLR, as already done on s390. The architectures >> that are already randomizing mmap (arm, arm64, mips, powerpc, s390, >> and x86), have their various forms of arch_mmap_rnd() made available >> via the new CONFIG_ARCH_HAS_ELF_RANDOMIZE. For these architectures, >> arch_randomize_brk() is collapsed as well. >> >> This is an alternative to the solutions in: >> https://lkml.org/lkml/2015/2/23/442 >> >> I've been able to test x86 and arm, and the buildbot (so far) seems >> happy with building the rest. > > Ok, this looks really good - for all patches: > > Reviewed-by: Ingo Molnar <mingo@xxxxxxxxxx> Great! Thanks for the suggestions and reviews. :) -Kees -- Kees Cook Chrome OS Security
