Randomizing structure layout

Posted May 12, 2017 15:57 UTC (Fri) by geert (subscriber, #98403)
Parent article: Randomizing structure layout

It can be taken further:
- Generate random seed
- Feed seed to softcore generation for FPGA
- Feed seed to gcc toolchain build
- Build kernel and userland
Now I have a "secure" device using a "random" instruction set that nobody else knows about. Happy cracking ;-)

to post comments

Randomizing kernel structures layout - external modules compulation?

Posted May 13, 2017 0:57 UTC (Sat) by darwish (guest, #102479) [Link]

I do not understand how would this affect compiling external kernel modules?

If I compile a module with a statement "x->y", how would a compiler know the _right_ actual offset of y? Would the seed be saved somewhere statically in the system? (E.g. /lib/modules/kernel-version/random-seed)

And if the seed is stored somewhere globally readable, can't the exploit writer just use that? And if the seed is not globally readable, does that mean we will have to compile kernel modules using sudo / root access in the future?