On Sat, Mar 18, 2006 at 13:16:19 +0700, Mulyadi Santosa wrote:
> Hi Arjan
>
> > 1) Performance: By changing the stack to different positions, you get
> > fewer cache aliases, so you can use the cpu cache better
>
> What do you mean by "cache alias"? Mapped to the same cache line?

Yes. Most CPUs use the least significant address bits (modulo the cache line
width) to select a set of, usually at most 4, cache lines, one of which will
be used for caching that block of memory. So randomizing the starting
locations improves cache performance.

> > 2) Security: By having a different and unpredictable stack place in
> > memory, stack based buffer overflow exploits are harder to create.
> > (and in combination with other security measures, really really hard
> > ;)
>
> BTW, does that mean it is also immune against brute force style attacks
> (e.g. combining shell code with various numbers of NOPs)? This is
> assuming the stack area still allows executable pages.

No. It's not actually immune, but it makes them quite a bit harder. The
thing is that such a brute force attack needs an address that will jump
somewhere in the array of NOPs it feeds in. And if the stack base is varied
by as much as 1GB (there are 3GB of address space available under the
standard linux kernel), the chance to select an address from a 1MB range
would still be just 1:10^6. And usually if you write more than the stack
size actually used by the application (thereby writing above the stack
base), you get a SIGSEGV.

--
Jan 'Bulb' Hudec <bulb@xxxxxx>
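As an added illustration of the set-selection mechanism described in the reply above (example code written for this page, not from the thread or from the kernel): a hypothetical 64-set, 4-way cache, several 8 KiB stacks placed at a fixed stride, and the same stacks with a random line-aligned offset. The cache geometry, stride and jitter are assumed values chosen to make the aliasing visible.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed (hypothetical) cache geometry: 64-byte lines, 64 sets, 4 ways.
 * The set is chosen by the address bits just above the line offset, so
 * two addresses that are a multiple of 64*64 = 4 KiB apart share a set. */
#define LINE_BYTES 64u
#define NUM_SETS   64u
#define WAYS       4u

/* Which cache set a given address falls into. */
unsigned cache_set_of(uintptr_t addr) {
    return (unsigned)((addr / LINE_BYTES) % NUM_SETS);
}

/* Place n stacks whose tops are 'stride' bytes apart (e.g. consecutive
 * 8 KiB kernel stacks). If 'jitter' is non-zero, each top is additionally
 * moved down by a random, line-aligned offset below 'jitter' bytes, which
 * mimics stack randomisation. Returns how many distinct cache sets the n
 * stack tops occupy: 1 means all of them compete for the same WAYS lines. */
unsigned distinct_sets(unsigned n, uintptr_t base, uintptr_t stride,
                       uintptr_t jitter, unsigned seed) {
    unsigned hit[NUM_SETS] = {0};
    unsigned distinct = 0;
    srand(seed);                      /* deterministic for a given seed */
    for (unsigned i = 0; i < n; i++) {
        uintptr_t off = 0;
        if (jitter >= LINE_BYTES)
            off = ((uintptr_t)rand() % (jitter / LINE_BYTES)) * LINE_BYTES;
        unsigned s = cache_set_of(base + i * stride - off);
        if (hit[s]++ == 0)
            distinct++;
    }
    return distinct;
}

int main(void) {
    const uintptr_t base = 0xC0000000u, stride = 8192u;   /* constructed */
    /* 16 stacks at a fixed 8 KiB stride: every top lands in set 0. */
    printf("fixed tops hit %u set(s)\n", distinct_sets(16, base, stride, 0, 1));
    /* Same stacks with up to 4 KiB of random offset: spread over many sets. */
    printf("randomised tops hit %u set(s)\n",
           distinct_sets(16, base, stride, 4096u, 1));
    return 0;
}
```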