patch to randomize mmap offsets

Simon 'corecode' Schubert corecode at
Tue Jan 16 10:56:07 PST 2007

Thomas E. Spanjaard wrote:
Given other comments, I think you should put all the changed code under 
an #ifdef, and add that to conf/options to be defined in file opt_vm.h 
(e.g., VM_MMAPOFF_RANDOMIZE opt_vm.h), then include opt_vm.h in the 
relevant files. Ofcourse, the option wouldn't be enabled by default, but 
people who want security through obscurity can easily enable it at their 
leasure in their kernel config, and recompile :).
it is not obscurity, but instead prevents the exploitation of any fixed memory offset in executables.  it makes memory ordering basically so non-deterministic that it is close to impossible to craft a working exploit.  in combination with W^X this creates a very very secure execution environment.

Serve - BSD     +++  RENT this banner advert  +++    ASCII Ribbon   /"\
Work - Mac      +++  space for low €€€ NOW!1  +++      Campaign     \ /
Party Enjoy Relax   |      Against  HTML   \
Dude 2c 2 the max   !       Mail + News   / \

More information about the Submit mailing list