Anyone who cares about that 3% should just static link and get a 6% boost instead. The rest of us want security properties maintained.
As written, the proposed patch has no exception for suid binaries, even.
New conversation
@RichFelker The patch isn't exactly that bad: it severely limits ASLR (to 32-bit) on Silvermont (only). Needs further refinement.
@solardiz "32-bit" ASLR is at best 20-bit and actually more like 16-bit. Trivial to brute-force, e.g. in suids.
@RichFelker For local attacks on SUIDs, you're right that we need an exception where full ASLR would be enabled despite performance impact
@solardiz I still think the default should always be full ASLR. Non-suid apps can then honor an env var to restrict to 32-bit space.
@RichFelker I think you should post a follow-up suggesting at least the SUID exception. In fact, it's wrong to honor an env var in SUID.
End of conversation
New conversation
@RichFelker @solardiz The patch only affects Silvermont. Anything else is unaffected.
@gcpascutto @solardiz Yes, but Silvermont is exactly what I use; it's the only Intel family that can run passive-cooled.
End of conversation
New conversation
@RichFelker @jonpryor isn't this just for Silvermont processors?
@damageboy @jonpryor Yes, that's been discussed. But my perspective is that Silvermont is the only usable Intel line (only passive-cooled).
End of conversation
New conversation
@RichFelker @solardiz BTW, Google does this in Android's Java runtime so it can still use 4-byte pointers on 64-bit...
@CopperheadSec @solardiz The right way to do this is to alloc a 4GB PROT_NONE zone and use offsets, not assume low addrs are free.
@RichFelker @solardiz They probably wouldn't want to base the performance cost of needing to resolve the real addresses.
@RichFelker @solardiz They're not even willing to pay for runtime relocations so they generate an image on boot and map it statically.
@RichFelker @solardiz Combined with Zygote spawning and the entropy loss from jemalloc's design... Android has no meaningful ASLR for apps.
@CopperheadSec @RichFelker @solardiz this is why we can't have nice things?
End of conversation
New conversation
@RichFelker holy fuck this is flagrantly irresponsible. Cannot understand how one'd think "speeds up things ~3%, disables ASLR" is OK.