Text relocations in kernel modules

Peter Wemm peter at wemm.org
Mon Apr 2 19:37:40 UTC 2012


On Mon, Apr 2, 2012 at 12:23 PM, Richard Yao <ryao at cs.stonybrook.edu> wrote:
> On 04/02/12 14:46, Peter Wemm wrote:
>> Remember.. ASLR is a userland thing.  .ko files, which is what this
>> thread is about, already use random address layout.  When you do a
>> "kldload virtio.ko", you have no way to predict what address it will
>> be loaded at.  And you don't even have access to the addresses.
>>
>> Of course if you want to talk about ASLR and userland .so files then
>> that's an entirely different thing.  But this thread is about your
>> tools finding DT_TEXTREL in a .ko kernel file, not userland .so files.
>>
>
> The PaX project's patches to the Linux kernel include kernel stack
> randomization. The Gentoo Hardened project makes use of this in their
> fork of the Linux kernel.
>

I looked at their code, and their description here:
http://pax.grsecurity.net/docs/randkstack.txt

Of note:
"pax_randomize_kstack() gathers entropy from the rdtsc instruction
(read time stamp counter) and applies it to bits 2-6 of the kernel
stack pointer. This means that 5 bits are randomized providing a
maximum shift of 128 bytes - this was deemed safe enough to not cause
kernel stack overflows yet give enough randomness to deter
guessing/brute forcing attempts."

This has nothing to do with the DT_TEXTREL in .ko that this thread is
about and has no bearing on ASLR in any way.
-- 
Peter Wemm - peter at wemm.org; peter at FreeBSD.org; peter at yahoo-inc.com; KI6FJV
"All of this is for nothing if we don't go to the stars" - JMS/B5
"If Java had true garbage collection, most programs would delete
themselves upon execution." -- Robert Sewell
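Added example for the two technical points in this message; it is not code from the thread, from PaX or from FreeBSD. The first function is the check the thread's tools were doing: walking an ELF64 .dynamic array for text relocations, which a linker can record either as an explicit DT_TEXTREL entry or as the DF_TEXTREL bit in DT_FLAGS (a scanner that tests only one of them misses the other). The second part models the randkstack arithmetic quoted above: entropy applied to bits 2-6 of the stack pointer, which with mask 0x7c gives 32 distinct shifts of 0 to 124 bytes inside a 128-byte window. The sample .dynamic arrays are constructed for the example, and the 0x7c mask is my reading of "bits 2-6", not PaX's actual code.

```c
#include <elf.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Check an ELF64 .dynamic array (terminated by DT_NULL) for text
 * relocations.  Linkers record the condition two ways: an explicit
 * DT_TEXTREL entry, or the DF_TEXTREL bit in DT_FLAGS.  A scanner that
 * tests only one of them reports a false negative on the other.
 */
int has_text_relocations(const Elf64_Dyn *dyn)
{
    for (; dyn->d_tag != DT_NULL; dyn++) {
        if (dyn->d_tag == DT_TEXTREL)
            return 1;
        if (dyn->d_tag == DT_FLAGS && (dyn->d_un.d_val & DF_TEXTREL))
            return 1;
    }
    return 0;
}

/* Constructed sample .dynamic contents; not taken from any real .ko file. */
static const Elf64_Dyn clean_dyn[] = {
    { DT_NEEDED, { 1 } },
    { DT_STRTAB, { 0x1000 } },
    { DT_FLAGS,  { DF_BIND_NOW } },
    { DT_NULL,   { 0 } },
};
static const Elf64_Dyn textrel_tag_dyn[] = {
    { DT_STRTAB,  { 0x1000 } },
    { DT_TEXTREL, { 0 } },
    { DT_NULL,    { 0 } },
};
static const Elf64_Dyn textrel_flag_dyn[] = {
    { DT_STRTAB, { 0x1000 } },
    { DT_FLAGS,  { DF_BIND_NOW | DF_TEXTREL } },
    { DT_NULL,   { 0 } },
};

/*
 * Model of the randkstack arithmetic quoted from randkstack.txt:
 * entropy (the TSC there) applied to bits 2-6 of the kernel stack
 * pointer.  Mask 0x7c keeps exactly those five bits, so the shift is
 * a multiple of 4 between 0 and 124: 32 distinct positions inside a
 * 128-byte window.  The mask is an assumption derived from the text,
 * not a copy of PaX's code.
 */
#define RANDKSTACK_MASK 0x7cUL

uintptr_t randkstack_shift(uint64_t entropy)
{
    return (uintptr_t)(entropy & RANDKSTACK_MASK);
}

uintptr_t randkstack_apply(uintptr_t sp, uint64_t entropy)
{
    return sp - randkstack_shift(entropy);
}

/* Count the distinct shifts the mask can produce (expected: 32). */
int randkstack_distinct_shifts(void)
{
    int seen[256] = { 0 };
    int count = 0;
    for (uint64_t e = 0; e < 256; e++) {
        uintptr_t s = randkstack_shift(e);
        if (!seen[s]) {
            seen[s] = 1;
            count++;
        }
    }
    return count;
}

int main(void)
{
    printf("clean:      textrel=%d\n", has_text_relocations(clean_dyn));
    printf("DT_TEXTREL: textrel=%d\n", has_text_relocations(textrel_tag_dyn));
    printf("DF_TEXTREL: textrel=%d\n", has_text_relocations(textrel_flag_dyn));
    printf("randkstack: %d distinct shifts, largest %lu bytes\n",
           randkstack_distinct_shifts(),
           (unsigned long)randkstack_shift(~0ULL));
    return 0;
}
```

On a real object the same check is `readelf -d foo.ko`, which prints a `(TEXTREL)` entry or `TEXTREL` among the `(FLAGS)` values; the point of the function above is that both spellings have to be looked for.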


More information about the freebsd-stable mailing list