[tbb-dev] SELFRANDO_write_layout_file enabled intentionally?
Tom Ritter
tom at ritter.vg
Wed May 17 00:45:40 UTC 2017
On 16 May 2017 at 19:21, teor <teor2345 at gmail.com> wrote:
> Even worse: can an exploit read this file to find out the memory layout?
>
> (I think the answer is: yes, but it doesn't matter, because it would
> have to run arbitrary code to read the file. Maybe.)
My attitude towards this, and what I requested of the selfrando team
for Mozilla's investigation, is that the seed/layout be written to
disk and erased from memory. An attacker who gets an information
disclosure could steal the seed from memory otherwise and undo the
protection. Arbitrary file reads are less common that infoleaks. (And
we want to keep the mapping around for debugging crashes.)
-tom
More information about the tbb-dev
mailing list