Re: [PATCH] ASLRv3: randomize_va_space=3 preventing offset2lib attack

From: Jiri Kosina
Date: Mon Dec 22 2014 - 14:50:03 EST

Next message: Jiri Kosina: "livepatching tree for linux-next"
Previous message: Linus Torvalds: "Re: frequent lockups in 3.18rc4"
In reply to: Andy Lutomirski: "Re: [PATCH] ASLRv3: randomize_va_space=3 preventing offset2lib attack"
Next in thread: Andy Lutomirski: "Re: [PATCH] ASLRv3: randomize_va_space=3 preventing offset2lib attack"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 22 Dec 2014, Andy Lutomirski wrote:

> a. With PIE executables, the offset from the executable to the
> libraries is constant. This is unfortunate when your threat model
> allows you to learn the executable base address and all your gadgets
> are in shared libraries.

When I was originally pushing PIE executable randomization, I have been
thinking about ways to solve this.

In theory, we could start playing games with load_addr in
load_elf_interp() and randomizing it completely independently from mmap()
base randomization, but the question is whether it's really worth the
hassle and binfmt_elf code complication. I am not convinced.

--
Jiri Kosina
SUSE Labs
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Jiri Kosina: "livepatching tree for linux-next"
Previous message: Linus Torvalds: "Re: frequent lockups in 3.18rc4"
In reply to: Andy Lutomirski: "Re: [PATCH] ASLRv3: randomize_va_space=3 preventing offset2lib attack"
Next in thread: Andy Lutomirski: "Re: [PATCH] ASLRv3: randomize_va_space=3 preventing offset2lib attack"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]