On 07/12/2014 02:12, Teodoro Santoni wrote: > This is a problem if you have to deal with black boxes and with non-Unix
> software, that is, your programs use memory as IPC bus.
No, no, no, I'm not talking about shmem and IPC, I'm talking about *code
page sharing*, which is only possible for dynamically linked
executables. Different Go binaries "linking" the same versions of their
"libraries" will never *ever* share code pages for the "libraries", even
though the content is the same.
(no, not even with KSM enabled: KSM does *not* work on pagecache pages
by design)
> grsecurity solves this issue for Linux, randomizing the address space during
> loading
... except that it only works for dynamically linked binaries.
Statically linked binaries coalesce all executable code into a single
contiguous memory area at build time and maps it to a single LOAD
program header with the RE bits set, so the kernel cannot randomize
anything.
(ok, not really: it can play with the base address for LOAD program
headers, but that does *not* change the overall layout of executable
pages - again, it's set in stone by the compiler, if you want full ASLR
you need dynamic linking and binaries built as PIE, neither of which is
possible with Go)