Re: [RFC PATCH] Randomization of address chosen by mmap.

From: lazytyped
Date: Tue Feb 27 2018 - 16:31:47 EST

Next message: Ghannam, Yazen: "RE: [PATCH v2 3/8] efi: Decode IA32/X64 Processor Error Info Structure"
Previous message: Martin Kaiser: "[PATCH v2] ARM: imx: avic: set low-power interrupt mask for imx25"
In reply to: Kees Cook: "Re: [RFC PATCH] Randomization of address chosen by mmap."
Next in thread: Ilya Smith: "Re: [RFC PATCH] Randomization of address chosen by mmap."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 2/27/18 9:52 PM, Kees Cook wrote:
> I'd like more details on the threat model here; if it's just a matter
> of .so loading order, I wonder if load order randomization would get a
> comparable level of uncertainty without the memory fragmentation,

This also seems to assume that leaking the address of one single library
isn't enough to mount a ROP attack to either gain enough privileges or
generate a primitive that can leak further information. Is this really
the case? Do you have some further data around this?

ÂÂÂÂÂÂ -Â twiz

Next message: Ghannam, Yazen: "RE: [PATCH v2 3/8] efi: Decode IA32/X64 Processor Error Info Structure"
Previous message: Martin Kaiser: "[PATCH v2] ARM: imx: avic: set low-power interrupt mask for imx25"
In reply to: Kees Cook: "Re: [RFC PATCH] Randomization of address chosen by mmap."
Next in thread: Ilya Smith: "Re: [RFC PATCH] Randomization of address chosen by mmap."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]