On Thu, Apr 4, 2013 at 1:21 PM, H. Peter Anvin <h...@zytor.com> wrote: > I have to admit to being somewhat skeptical toward KASLR with only 8 > bits of randomness.
I agree that 8 bits is pretty low and more would be better. However, even 8 bits provides a < 1% chance that any particular guess will be correct. Combined with kernel crash monitoring, this amount of ASLR means that brute-force attacks can't occur undetectably, even if they can eventually be successful. Having a signal that indicates an attack-in-progress is a pretty big leg up from not. Of course, infoleaks would render this whole discussion moot, but I'm replying to the "only 8 bits" part here. > There are at least two potential ways of > dramatically increasing the available randomness: > > 1. actually compose the kernel of multiple independently relocatable > pieces (maybe chunk it on 2M boundaries or something.) Without increasing the entropy bits, does this actually increase the # of tries necessary for an attacker to guess correctly? It dramatically increases the number of possible configurations of kernel address space, but for any given piece there are only 256 possible locations. > 2. compile the kernel as one of the memory models which can be executed > anywhere in the 64-bit address space. The cost of this would have > to be quantified, of course. I attempted to do this, but was limited by my knowledge of the toolchain. I would welcome help or suggestions! -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
