For example, breaking mmap requested address does not break any vuln, but removes functionality available no other way...
-
-
But probing does not help. Still a TOCTOU race. You need an atomic "map at this address if it's available".
-
A lock in mmap/mremap/munmap. Best to solve in the kernel, which serialises MM changes with a per-mm RW lock, e.g. down_write(&mm->mmap_sem);
-
That doesn't help. It's the caller that needs atomicity, not the implementation of mmap/mremap/munmap.
-
You could use such a lock in the implementation of mmap to work around kernels that don't implement requested-address, though.
-
Yes. I'm doing similar but instead replacing default address and my current hack is not thread safe. I don't have the kernel's view of VMAs.