NetBSD-Bugs archive


Re: port-amd64/58366: KASLR broken



The following reply was made to PR port-amd64/58366; it has been noted by GNATS.

From: Harold Gutch <logix%foobar.franken.de@localhost>
To: Taylor R Campbell <campbell%mumble.net@localhost>
Cc: gnats-bugs%NetBSD.org@localhost, port-amd64-maintainer%NetBSD.org@localhost,
        gnats-admin%NetBSD.org@localhost, netbsd-bugs%NetBSD.org@localhost
Subject: Re: port-amd64/58366: KASLR broken
Date: Mon, 1 Jul 2024 03:42:05 +0200

 On Sun, Jun 30, 2024 at 02:35:34PM +0000, Taylor R Campbell wrote:
 > But when the kernel is linked with `--split-by-file=0x100000', the
 > combined .rodata section is split into multiple subsections sometimes
 > on _non-aligned_ boundaries with _less_ alignment:
 
 Changing this to --split-by-file=0x800000 seems to improve things,
 with that I survived a couple of reboot loops without any issues.  But
 I might have just gotten (un)lucky of course.  I don't know if values
 that are not powers of two make sense here but 0x400000 is not enough,
 with that I still see the panics.
 
 
 > We can try removing `--split-by-file', but that will reduce the
 > efficacy of KASLR as a security measure, since it will only be able to
 > randomize .rodata (and .text and .data and ...) as a whole and not the
 > separate parts of each section independently.
 
 Yes, without --split-by-file I also don't see the panics anymore.
 
 
   Harold
 

