On Thu, 14 Feb 2008 21:25:35 +0100 Ingo Molnar <[EMAIL PROTECTED]> wrote:
> > * [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > > > really, the best defense is to reduce the useful lifetime of any > > leaked canary, and you can't get better than syscall granularity > > without disproportional effort and impact elsewhere (and i'm sure > > some would find even this disproportional ;). > > hm, i think per syscall canaries are really expensive. it's not that bad. Assuming you use a PNR that you re-seed periodically, it's * go to the next random number with PNR * write to PDA and task struct give or take 10 cycles total if you squeeze it hard, 20 if you don't. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
