linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Jiri Kosina <jkosina@suse.cz>
To: Andy Lutomirski <luto@amacapital.net>
Cc: "Hector Marco Gisbert" <hecmargi@upv.es>,
	"Cyrill Gorcunov" <gorcunov@openvz.org>,
	"Pavel Emelyanov" <xemul@parallels.com>,
	"Catalin Marinas" <catalin.marinas@arm.com>,
	"Heiko Carstens" <heiko.carstens@de.ibm.com>,
	"Oleg Nesterov" <oleg@redhat.com>,
	"Ingo Molnar" <mingo@redhat.com>,
	"Anton Blanchard" <anton@samba.org>,
	"Russell King - ARM Linux" <linux@arm.linux.org.uk>,
	"H. Peter Anvin" <hpa@zytor.com>,
	"David Daney" <ddaney.cavm@gmail.com>,
	"Andrew Morton" <akpm@linux-foundation.org>,
	"Arun Chandran" <achandran@mvista.com>,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
	"Martin Schwidefsky" <schwidefsky@de.ibm.com>,
	"Ismael Ripoll" <iripoll@disca.upv.es>,
	"Christian Borntraeger" <borntraeger@de.ibm.com>,
	"Thomas Gleixner" <tglx@linutronix.de>,
	"Hanno Böck" <hanno@hboeck.de>,
	"Will Deacon" <will.deacon@arm.com>,
	"Benjamin Herrenschmidt" <benh@kernel.crashing.org>,
	"Kees Cook" <keescook@chromium.org>,
	"Reno Robert" <renorobert@gmail.com>
Subject: Re: [PATCH] ASLRv3: randomize_va_space=3 preventing offset2lib attack
Date: Mon, 22 Dec 2014 20:49:54 +0100 (CET)	[thread overview]
Message-ID: <alpine.LNX.2.00.1412222047090.1680@pobox.suse.cz> (raw)
In-Reply-To: <CALCETrWUXbzb_MMEugWNzuY-gebkUbzLW6Z=gmCfau7oBRUdJg@mail.gmail.com>

On Mon, 22 Dec 2014, Andy Lutomirski wrote:

> a. With PIE executables, the offset from the executable to the
> libraries is constant.  This is unfortunate when your threat model
> allows you to learn the executable base address and all your gadgets
> are in shared libraries.

When I was originally pushing PIE executable randomization, I have been 
thinking about ways to solve this.

In theory, we could start playing games with load_addr in 
load_elf_interp() and randomizing it completely independently from mmap() 
base randomization, but the question is whether it's really worth the 
hassle and binfmt_elf code complication. I am not convinced.

-- 
Jiri Kosina
SUSE Labs

  reply	other threads:[~2014-12-22 19:49 UTC|newest]

Thread overview: 29+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <5489E6D2.2060200@upv.es>
2014-12-11 20:12 ` [PATCH] ASLRv3: randomize_va_space=3 preventing offset2lib attack Hector Marco
2014-12-11 22:11   ` Kees Cook
2014-12-12 16:32     ` Hector Marco
2014-12-12 17:17       ` Andy Lutomirski
2014-12-19 22:04         ` Hector Marco
2014-12-19 22:11           ` Andy Lutomirski
2014-12-19 22:19             ` Cyrill Gorcunov
2014-12-19 23:53             ` Andy Lutomirski
2014-12-20  0:29               ` [PATCH] x86_64, vdso: Fix the vdso address randomization algorithm Andy Lutomirski
2014-12-20 17:40               ` [PATCH v2] " Andy Lutomirski
2014-12-20 21:13                 ` Kees Cook
2014-12-22 17:36               ` [PATCH] ASLRv3: randomize_va_space=3 preventing offset2lib attack Hector Marco Gisbert
2014-12-22 17:56                 ` Andy Lutomirski
2014-12-22 19:49                   ` Jiri Kosina [this message]
2014-12-22 20:00                     ` Andy Lutomirski
2014-12-22 20:03                       ` Jiri Kosina
2014-12-22 20:13                         ` Andy Lutomirski
2014-12-22 23:23                   ` Hector Marco Gisbert
2014-12-22 23:38                     ` Andy Lutomirski
     [not found]                       ` <CAH4rwTKeN0P84FJnocoKV4t9rc2Ox_EYc+LEibD+Y83n7C8aVA@mail.gmail.com>
2014-12-23  8:15                         ` Andy Lutomirski
2014-12-23 20:06                           ` Hector Marco Gisbert
2014-12-23 20:53                             ` Andy Lutomirski
2015-01-07 17:26     ` Hector Marco Gisbert
2014-12-05  0:07 Hector Marco
2014-12-05 20:08 ` Kees Cook
2014-12-08 22:15   ` Hector Marco Gisbert
2014-12-05 22:00 ` Andy Lutomirski
2014-12-08 20:09 ` Christian Borntraeger
2014-12-09 17:37   ` Kees Cook

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=alpine.LNX.2.00.1412222047090.1680@pobox.suse.cz \
    --to=jkosina@suse.cz \
    --cc=achandran@mvista.com \
    --cc=akpm@linux-foundation.org \
    --cc=anton@samba.org \
    --cc=benh@kernel.crashing.org \
    --cc=borntraeger@de.ibm.com \
    --cc=catalin.marinas@arm.com \
    --cc=ddaney.cavm@gmail.com \
    --cc=gorcunov@openvz.org \
    --cc=hanno@hboeck.de \
    --cc=hecmargi@upv.es \
    --cc=heiko.carstens@de.ibm.com \
    --cc=hpa@zytor.com \
    --cc=iripoll@disca.upv.es \
    --cc=keescook@chromium.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux@arm.linux.org.uk \
    --cc=luto@amacapital.net \
    --cc=mingo@redhat.com \
    --cc=oleg@redhat.com \
    --cc=renorobert@gmail.com \
    --cc=schwidefsky@de.ibm.com \
    --cc=tglx@linutronix.de \
    --cc=will.deacon@arm.com \
    --cc=xemul@parallels.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).