Re: Does anyone use RANDSTRUCT?


 



On 12/13/19 10:45 AM, Wenhui Zhang wrote:
    It seems like most of the SELinux functions are static inline, no symbols are exposed to the symbol table.
    IMHO, randomization is not necessary if not reflected in symbol table?

RANDSTRUCT isn't about randomization of code; it is about randomization of data structure layout. See https://lwn.net/Articles/722293/ for some background.

Also, your assumption is wrong but that's not germane to this thread so I won't discuss it further here.


On Fri, Dec 13, 2019, 10:41 AM Stephen Smalley <sds@xxxxxxxxxxxxx> wrote:

    See $(subject). If yes, there are some obvious candidates among the
    SELinux data structures for randomized layouts to avoid fixed locations
    for enforcing, initialized, etc.  If not, then no point in pursuing it.
    Doesn't look like Fedora enables it, probably because they'd have to
    publish the random seeds anyway for third party kernel modules.  But
    maybe it would be useful for some distros/users?  ChromeOS?  Android?




