linux-kernel.vger.kernel.org archive mirror
From: "Roberts, William C" <william.c.roberts@intel.com>
To: "'Jason Cooper'" <jason@lakedaemon.net>
Cc: "'linux-mm@kvack.org'" <linux-mm@kvack.org>,
	"'linux-kernel@vger.kernel.org'" <linux-kernel@vger.kernel.org>,
	"'kernel-hardening@lists.openwall.com'" 
	<kernel-hardening@lists.openwall.com>,
	"'akpm@linux-foundation.org'" <akpm@linux-foundation.org>,
	"'keescook@chromium.org'" <keescook@chromium.org>,
	"'gregkh@linuxfoundation.org'" <gregkh@linuxfoundation.org>,
	"'nnk@google.com'" <nnk@google.com>,
	"'jeffv@google.com'" <jeffv@google.com>,
	"'salyzyn@android.com'" <salyzyn@android.com>,
	"'dcashman@android.com'" <dcashman@android.com>
Subject: RE: [PATCH] [RFC] Introduce mmap randomization
Date: Wed, 3 Aug 2016 18:19:19 +0000
Message-ID: <476DC76E7D1DF2438D32BFADF679FC560127C34B@ORSMSX103.amr.corp.intel.com>
In-Reply-To: <476DC76E7D1DF2438D32BFADF679FC560127815C@ORSMSX103.amr.corp.intel.com>

<snip>
> 
> >
> > I would highly recommend studying those prior use cases and answering
> > those concerns before progressing too much further.  As I've mentioned
> > elsewhere, you'll need to quantify the increased difficulty to the
> > attacker that your patch imposes.  Personally, I would assess that first to see if
> it's worth the effort at all.
> 
> Yes, agreed.
> 

For those following or those who care, I have some preliminary results from a UML test bench. I need to set up better
testing, this I know :-P, and test under constrained environments etc.

I ran 100,000 execs of bash and checked pmap for the location of libc's start address. I recorded this and kept track of the lowest
address it was loaded at as well as the highest; the range is approx. 37 bits of entropy. I calculated the Shannon entropy by calculating the frequency
of each address that libc was loaded at per 100,000 invocations. I am not sure if this is an abuse of that, considering Shannon's entropy is usually used
to calculate the entropy of byte-sized units in a file (below you will find my city script). Plotting the data, it looked fairly random. Number theory is
not my strong suit, so if anyone has better ways of measuring entropy, I'm all ears, links appreciated.

I'm going to fire up some VMs in the coming weeks and test this more; I'll post back with results if they differ from UML, including ARM tablets running
Android.

low: 0x40000000
high: 0x401cb15000
range: 0x3fdcb15000
Shannon entropy: 10.514440

#!/usr/bin/env python3

# modified from: http://www.kennethghartman.com/calculate-file-entropy/
# Input: one hex load address per line (the libc start address taken from pmap),
# without a 0x prefix.

import math
import sys

low = None
high = None

if len(sys.argv) != 2:
    print("Usage: file_entropy.py [path]filename")
    sys.exit(1)

d = {}        # address string -> number of times it was observed
items = 0     # total number of observations
with open(sys.argv[1]) as f:
    for line in f:
        line = line.strip()
        if not line:
            continue
        # drop leading zeros so "0040000000" and "40000000" count as one address
        line = line.lstrip("0") or "0"
        items += 1
        d[line] = d.get(line, 0) + 1

        x = int(line, 16)
        if low is None or x < low:
            low = x
        if high is None or x > high:
            high = x

if items == 0:
    print("no addresses found in %s" % sys.argv[1])
    sys.exit(1)

print("low: 0x%x" % low)
print("high: 0x%x" % high)
print("range: 0x%x" % (high - low))

# calculate the frequency of each address in the file
# XXX Should this really be in the 64 bit address space?
freqList = [float(v) / items for v in d.values()]

# Shannon entropy over the whole-address distribution
ent = 0.0
for freq in freqList:
    if freq > 0:
        ent += freq * math.log(freq, 2)
ent = -ent
print("Shannon entropy: %f" % ent)

<snip>
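The message above asks for better ways to measure the entropy of the sampled load addresses. The script below is an added example, not code from the original thread or from the patch author: it computes the same whole-address Shannon entropy as the posted script, alongside the bound that quantity can never exceed (log2 of the sample count, about 16.6 bits for 100,000 samples, which is why a 37-bit range shows up as roughly 10 to 16 bits), the min-entropy that bounds a guessing attacker, and the per-bit entropy that shows which address bits actually vary. The input is a constructed sample generated with a seeded PRNG (page-aligned addresses in a 37-bit window above 0x40000000), standing in for the pmap output; 4 KiB pages and 64-bit addresses are assumptions.

```python
#!/usr/bin/env python3
"""Entropy estimates for a list of mmap base addresses (added example).

Assumptions, not taken from the original message: 4 KiB pages, 64-bit
addresses, and a constructed PRNG sample in place of measured pmap output.
"""
import math
import random
from collections import Counter

PAGE_SHIFT = 12   # assumption: 4 KiB pages, so the low 12 bits never vary
ADDR_BITS = 64    # assumption: 64-bit address space


def shannon_bits(addrs):
    """Shannon entropy of the whole-address distribution, in bits.
    This is the quantity the posted script computes; it is capped at log2(n)
    for n samples, so it mostly measures sample size on a wide range."""
    n = len(addrs)
    return -sum(c / n * math.log2(c / n) for c in Counter(addrs).values())


def min_entropy_bits(addrs):
    """Min-entropy: -log2(probability of the most frequent address).
    This bounds a single-guess attacker and is never above Shannon entropy."""
    n = len(addrs)
    return -math.log2(max(Counter(addrs).values()) / n)


def per_bit_entropy(addrs, width=ADDR_BITS):
    """Binary entropy of each address bit across the sample (bit 0 first).
    A bit that is always 0 or always 1 contributes 0; an unbiased bit
    contributes 1. Unlike the whole-address estimate, this is not limited
    by the sample count and exposes fixed or biased bit positions."""
    n = len(addrs)
    out = []
    for bit in range(width):
        p = sum((a >> bit) & 1 for a in addrs) / n
        if p in (0.0, 1.0):
            out.append(0.0)
        else:
            out.append(-(p * math.log2(p) + (1 - p) * math.log2(1 - p)))
    return out


def summarize(addrs):
    """Collect every estimate for one sample in a dict."""
    lo, hi = min(addrs), max(addrs)
    bits = per_bit_entropy(addrs)
    return {
        "low": lo,
        "high": hi,
        "range_bits": (hi - lo).bit_length(),
        "shannon": shannon_bits(addrs),
        "sample_bound": math.log2(len(addrs)),   # Shannon can never exceed this
        "min_entropy": min_entropy_bits(addrs),
        "varying_bits": sum(1 for b in bits if b > 0.0),
        "per_bit": bits,
    }


def constructed_sample(n=100000, seed=1):
    """Constructed stand-in for the pmap output: n page-aligned addresses
    drawn uniformly from a 37-bit window starting at 0x40000000."""
    rng = random.Random(seed)
    base = 0x40000000
    span_pages = 1 << (37 - PAGE_SHIFT)
    return [base + (rng.randrange(span_pages) << PAGE_SHIFT) for _ in range(n)]


if __name__ == "__main__":
    s = summarize(constructed_sample())
    print("low: 0x%x  high: 0x%x  range: %d bits" % (s["low"], s["high"], s["range_bits"]))
    print("Shannon: %.2f bits (cannot exceed log2(n) = %.2f)" % (s["shannon"], s["sample_bound"]))
    print("min-entropy: %.2f bits" % s["min_entropy"])
    print("address bits that ever vary: %d" % s["varying_bits"])
    print("per-bit entropy, bits 0..39: " + " ".join("%.2f" % b for b in s["per_bit"][:40]))
```

With a uniform 37-bit window the whole-address Shannon value lands right at the log2(n) ceiling, which says nothing about the randomization beyond "no collisions in 100,000 draws"; the per-bit row is the more useful report, since a fixed or strongly biased bit inside the supposedly random field shows up directly as an entry near 0.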
