LWN: Comments on "Randomizing the kernel"
https://lwn.net/Articles/546686/
This is a special feed containing comments posted to the individual LWN article titled "Randomizing the kernel".
Mon, 10 Nov 2025 21:50:16 +0000

Randomizing the kernel
https://lwn.net/Articles/547715/
heijo

Why not compile with one function and one global variable per section, keep section-based relocations in the kernel image, and then randomly shuffle the sections at boot?

That would only have a slight boot time and kernel image size overhead, both of which are irrelevant for servers, and probably not an issue anywhere else.

This way, guessing would be impossible, and any "leaks" would not give any information on the location of other functions or data other than the "leaked" one.

Thu, 18 Apr 2013 12:56:08 +0000

Randomizing the kernel
https://lwn.net/Articles/547142/
tialaramex

The earlier link is already mentioned in the article. Deciding whether defences are worthwhile is largely impossible unless you have in mind a specific threat model.

All ASLR-style defences have entirely practical statistical attacks, so if the threat you're modelling wouldn't be fazed by that then it's worthless /for that model/. This is a contrast to something like W^X, which isn't statistical: an attack that's stopped by W^X is stopped. Maybe it can be re-activated by another route, but it can't just be retried (or used against more hosts) with the expectation that it will eventually work.

I make the distinction _entirely practical_ because there are theoretical statistical attacks against a lot of things which we can discount. We quite reasonably don't consider "just guessing" a 128-bit AES secret key to be a practical attack on a scheme using AES encryption, for example.

Fri, 12 Apr 2013 13:09:02 +0000

Randomizing the kernel
https://lwn.net/Articles/547081/
Beolach

Just a couple weeks back, LWN posted (https://lwn.net/Articles/544609/) a link to the PaX Team (http://forums.grsecurity.net/viewtopic.php?f=7&t=3367) calling KASLR Cargo Cult Security. I quite liked the metaphor they used to illustrate how small a benefit it gives:

    "this moving target only moves once and is pretty easy to spot."

That said, even w/ only minuscule benefit, I think it might still be worthwhile, if it has an even more minuscule cost. Does anyone know if KASLR has any impact on performance?

Thu, 11 Apr 2013 23:58:01 +0000

Randomizing the kernel
https://lwn.net/Articles/546945/
error27

This seems like a very simple and worthwhile step. Ubuntu has kptr_restrict turned on but it's useless without randomization.

It's true that there are still lots of information leaks left. Smatch has a check for some kinds of trivial leaks. I fixed a couple leaks last week.

But if you just keep on plugging away at it, these do get fixed eventually. The quality of kernel code really is getting better. I think of things like this as part of a five year project instead of as an end in themselves.

Thu, 11 Apr 2013 12:54:20 +0000