
List:       kernel-hardening
Subject:    [kernel-hardening] Re: x86: PIE support and option to extend KASLR randomization
From:       Ingo Molnar <mingo () kernel ! org>
Date:       2017-09-25 7:33:42
Message-ID: 20170925073342.2yoghmanhx6c75ho () gmail ! com


* Pavel Machek <pavel@ucw.cz> wrote:

> > For example, there would be collision with regular user-space mappings, right? 
> > Can local unprivileged users use mmap(MAP_FIXED) probing to figure out where 
> > the kernel lives?
> 
> Local unprivileged users can probably get your secret bits using cache probing 
> and jump prediction buffers.
> 
> Yes, you don't want to leak the information using mmap(MAP_FIXED), but CPU will 
> leak it for you, anyway.

Depends on the CPU I think, and CPU vendors are busy trying to mitigate this 
angle.

Thanks,

	Ingo