codeblog code is freedom — patching my itch

11/24/2009

missing kernel features in ARM

Filed under: Debian,Security,Ubuntu — kees @ 10:38 pm

As more attention is given to the ARM ports of Linux, I’m hoping someone (maybe me if I learn a bunch) will be able to implement some upstream kernel features that are implemented only on x86 so far:

  • ASLR of mmap allocations
  • ASLR of text/exec area
  • ASLR of vdso
  • ASLR of brk area

Stack is already randomized, it should be easy to do the rest! ;)

© 2009, Kees Cook. This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 License.
Creative Commons License

5 Comments »

  1. Have you tried PaX’s ASLR support on ARM? We’ll be adding more features to ARM regardless of whatever upstream decides to do.

    -Brad

    Comment by spender — 11/25/2009 @ 6:36 am

  2. Haven’t tried it — don’t have hardware I can do the testing with yet. That said, I’d like to see the changes in the upstream kernel, since convincing the Ubuntu (or any distro) kernel team to carry PaX would be potentially more difficult. I am aware of the PaX ARM ASLR, which is why I was hoping to see those missing ASLR bits go upstream — it is technically possible to accomplish, so getting it in is the next step.

    And on that note, I’d love to see the upstream ASLR improved to have a wider bit range randomized. But that’s a whole other story.

    Comment by kees — 11/25/2009 @ 9:18 am

  3. Since last week or so, PaX supports NX (arm calls it XN) on ARM, giving it the same userland features as x86.

    -Brad

    Comment by spender — 2/18/2010 @ 2:23 pm

  4. Very cool to see ASLR working in ARM! Any chance you’ll submit that to the upstream kernel too?

    Comment by kees — 2/18/2010 @ 2:34 pm

  5. As an update to this post, I should point out that Nicolas Pitre implemented all of this for mainline ARM now.

    http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=cc92c28b2d
    http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=990cb8acf2
    http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=e4eab08d60

    The features exist since the 2.6.37 kernel (mmap and brk were finished for 2.6.36).

    Comment by kees — 6/7/2011 @ 9:25 am

Leave a Reply

Your email address will not be published. Required fields are marked *

Powered by WordPress