Re: [PATCH] ASLRv3: randomize_va_space=3 preventing offset2lib attack
From: Jiri Kosina
Date: Mon Dec 22 2014 - 14:50:03 EST
On Mon, 22 Dec 2014, Andy Lutomirski wrote:
> a. With PIE executables, the offset from the executable to the
> libraries is constant. This is unfortunate when your threat model
> allows you to learn the executable base address and all your gadgets
> are in shared libraries.
When I was originally pushing PIE executable randomization, I have been
thinking about ways to solve this.
In theory, we could start playing games with load_addr in
load_elf_interp() and randomizing it completely independently from mmap()
base randomization, but the question is whether it's really worth the
hassle and binfmt_elf code complication. I am not convinced.
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/