Subject: re: Importing PaX features to NetBSD
To: Elad Efrat , matthew green <mrg@eterna.com.au>
From: None <pageexec@freemail.hu>
List: tech-security
Date: 12/18/2005 22:46:57
On 18 Dec 2005 at 23:05, matthew green wrote:
>    ASLR calculates 3 random values on execution and saves these as offsets
>    to be used when a random value is needed. How expensive are 3
>    arc4random() calls in the context of an entire sys_execve()?
> 
> 
> you fail to understand the performance issue here.  when, eg, libc is
> not mapped at the same address as other processes, the performance hit
> is in the range of 30-40% on some platforms.  it's not about start up
> it is about the MMU being constantly trashed.

(while waiting for more details on this VI cache issue), i'd like to
point out that the way i implemented ASLR on linux is that the generic
(arch independent) kernel code uses per-arch defined constants to derive
the amount and position of randomization that is to be applied to the
given memory regions. on archs that can't use randomization you'd simply
set these constants to 0 (or whatever that disables it) and be done
with it, a win-win situation.