List: kernel-hardening
Subject: [kernel-hardening] Re: x86: PIE support and option to extend KASLR randomization
From: Ingo Molnar <mingo () kernel ! org>
Date: 2017-09-25 7:33:42
Message-ID: 20170925073342.2yoghmanhx6c75ho () gmail ! com
* Pavel Machek <pavel@ucw.cz> wrote:
> > For example, there would be collision with regular user-space mappings, right?
> > Can local unprivileged users use mmap(MAP_FIXED) probing to figure out where
> > the kernel lives?
>
> Local unprivileged users can probably get your secret bits using cache probing
> and jump prediction buffers.
>
> Yes, you don't want to leak the information using mmap(MAP_FIXED), but CPU will
> leak it for you, anyway.

Depends on the CPU I think, and CPU vendors are busy trying to mitigate this
angle.

Thanks,

Ingo