Reply to post:

NetBSD, OpenBSD improve kernel security, randomly


That's not how KASLR works in any implementation and for good reason.

Before the kernel begins executing, it's totally feasible to relocate it, but after the kernel starts running the kernel can't be moved without breaking any pointer it has to itself.

Also think of the performance hit. Even if the kernel is only a couple of megabytes big with drivers added, that's still a large amount of data that needs to be moved every so often.

Also how often would you move the kernel around?

Even if you solve all of those problems, that doesn't even help, because all an attacker has to do is use whatever address leak exploit they were using in the first place just later in the exploit chain, so that it will still be correct whenever the exploit actually uses it.

KASLR is just supposed to make it so that the address isn't predictable without leaking its address somehow, not to prevent leaks from permanently disclosing the kernel location.
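The two points made in the comment above (a running kernel cannot simply be moved because of pointers the loader's relocation table never sees, and moving it anyway does not help against an attacker who just reuses their leak later in the chain) can be modelled in a few lines. The following is an added example, not code from the commenter or from NetBSD/OpenBSD; the "kernel" image, the address range, the slot layout and the leak primitive are all constructed stand-ins.

```python
"""Toy model of a relocatable kernel image, a runtime re-randomization step,
and an exploit chain that leaks the base either before or after that step.
Everything here is constructed for illustration; no real kernel layout is used."""
import random

WORD = 8
IMAGE_WORDS = 512                   # 4 KiB toy "kernel"
SLOT_SIZE = 0x200000                # 2 MiB spacing between candidate bases
SLOT_BASE = 0xFFFFFFFF80000000      # constructed, kernel-like address range
SLOTS = 64


class ToyKernel:
    """A flat image of 8-byte words. Some words are absolute self-pointers that
    the loader knows about (the relocation table); others only come into
    existence at runtime, e.g. return addresses pushed on a stack."""

    def __init__(self, rng):
        self.rng = rng
        self.slot = rng.randrange(SLOTS)
        self.base = SLOT_BASE + self.slot * SLOT_SIZE
        self.size = IMAGE_WORDS * WORD
        self.words = [0] * IMAGE_WORDS
        self.relocs = []            # indices the relocation table covers
        for i in range(0, IMAGE_WORDS, 16):
            self.words[i] = self.base + rng.randrange(IMAGE_WORDS) * WORD
            self.relocs.append(i)
        # Runtime-only pointers: created after the kernel started executing,
        # so no relocation entry describes them.
        self.runtime_pointers = [self.base + rng.randrange(IMAGE_WORDS) * WORD
                                 for _ in range(8)]

    def in_image(self, addr):
        return self.base <= addr < self.base + self.size

    def leak(self):
        """Stand-in for whatever info-leak primitive the attacker already has."""
        return self.base

    def relocate(self, new_base):
        """What a boot-time loader does: fix up every pointer it knows about."""
        delta = new_base - self.base
        for i in self.relocs:
            self.words[i] += delta
        self.base = new_base

    def rerandomize(self):
        """Hypothetical runtime move to a different, non-overlapping slot."""
        new_slot = self.rng.choice([s for s in range(SLOTS) if s != self.slot])
        self.slot = new_slot
        self.relocate(SLOT_BASE + new_slot * SLOT_SIZE)

    def dangling_static(self):
        """Table-tracked pointers that no longer point into the image."""
        return sum(1 for i in self.relocs if not self.in_image(self.words[i]))

    def dangling_runtime(self):
        """Runtime-created pointers that no longer point into the image."""
        return sum(1 for p in self.runtime_pointers if not self.in_image(p))


def make_kernel(seed):
    return ToyKernel(random.Random(seed))


def exploit_succeeds(kernel, leak_early):
    """Leak the base, let the kernel re-randomize, then compute a target.
    With leak_early the leak happens before the move; otherwise after."""
    target_offset = 0x1234          # constructed offset of some kernel object
    if leak_early:
        leaked = kernel.leak()
        kernel.rerandomize()
    else:
        kernel.rerandomize()
        leaked = kernel.leak()
    return leaked + target_offset == kernel.base + target_offset


if __name__ == "__main__":
    k = make_kernel(7)
    print("before move: static dangling =", k.dangling_static(),
          "runtime dangling =", k.dangling_runtime())
    k.rerandomize()
    print("after move:  static dangling =", k.dangling_static(),
          "runtime dangling =", k.dangling_runtime())
    print("leak early then use:", exploit_succeeds(make_kernel(1), True))
    print("leak late then use: ", exploit_succeeds(make_kernel(1), False))
```

Running it shows the loader-style relocation keeps every table-tracked pointer valid while all eight runtime-created pointers dangle after the move, which is the "can't be moved without breaking pointers" problem; and the exploit that simply defers its leak until after the move still lands on the right address, which is why periodic re-randomization adds nothing against a reusable leak.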


Biting the hand that feeds IT © 1998–2020