Message-ID: <CA+rthh8y6eDxPJLvjeVokgjV36AL+LcVd9WT0vYJWhvaG6Xb=Q@mail.gmail.com>
Date: Tue, 9 Dec 2014 20:38:08 +0100
From: Mathias Krause <minipli@...glemail.com>
To: oss-security@...ts.openwall.com
Subject: Re: PIE bypass using VDSO ASLR weakness

On 9 December 2014 at 16:33, Reno Robert <renorobert@...il.com> wrote:
> Hi Daniel, COMPAT_VDSO is not enabled. Just that randomization is 20 bits
> and the same values are generated on repeated execution.
>
> On Tue, Dec 9, 2014 at 2:08 PM, Daniel Micay <danielmicay@...il.com> wrote:
>> On 09/12/14 03:05 AM, Reno Robert wrote:
>> > Do we need better ASLR for VDSO to make PIE more effective?
>>
>> You must have COMPAT_VDSO enabled. It's randomized fine with a sane
>> kernel configuration.
>>

minipli@jig:~/tmp$ echo 'int main(){}' | gcc -pie -std=c99 -xc - -o pie
minipli@jig:~/tmp$ for i in $(seq 10000); do ldd ./pie; done | grep vdso | sort | uniq | wc -l
10000
minipli@jig:~/tmp$ uname -rm
3.17.3-grsec+ x86_64

So Daniel's advice seems legit to me. However, sane in this context would
mean CONFIG_PAX_RANDMMAP=y ;)

Regards,
Mathias
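The one-liner above counts distinct vDSO load addresses reported by ldd. The script below is an added example, not code from this thread or from any of its participants: it makes the same measurement without needing gcc or ldd, by spawning fresh processes and reading the start address of their [vdso] mapping from /proc/self/maps, then reports the distinct count, the most-repeated base (the "same value on repeated execution" symptom Reno describes) and a log2 lower bound on the observed entropy. It assumes a Linux /proc that lists a [vdso] line and the usual awk/sort/uniq/wc tools; the function names are my own.

```shell
#!/bin/sh
# Added example (not from the original post): estimate how much the kernel
# randomizes the vDSO base by spawning fresh processes and collecting the
# start address of their [vdso] mapping from /proc/PID/maps.
# Assumes a Linux /proc that shows a [vdso] line, plus awk, sort, uniq, wc.

# vdso_base: print the start address (hex, no 0x) of the [vdso] mapping of a
# brand-new process. `cat` is exec'd anew on every call, so /proc/self is
# cat's own map and reflects a fresh mmap layout, not the shell's.
vdso_base() {
    cat /proc/self/maps | awk '/\[vdso\]/ { split($1, r, "-"); print r[1]; exit }'
}

# vdso_samples N: print N vdso base addresses, one per line.
vdso_samples() {
    i=0
    while [ "$i" -lt "$1" ]; do
        vdso_base
        i=$((i + 1))
    done
}

# vdso_unique_count N: number of distinct vdso bases seen in N fresh processes.
# 1 means no randomization at all (for example randomize_va_space=0); a value
# close to N means collisions are rare at this sample size.
vdso_unique_count() {
    vdso_samples "$1" | sort -u | wc -l | tr -d ' '
}

# vdso_top_repeat N: the most frequent base and how many times it recurred.
# Output is "ADDRESS COUNT"; a high count at small N is the repeat symptom
# discussed in the thread.
vdso_top_repeat() {
    vdso_samples "$1" | sort | uniq -c | sort -rn | head -n 1 | awk '{ print $2, $1 }'
}

# entropy_lower_bound UNIQUE: log2 of the distinct count. With N samples this
# only lower-bounds the real entropy, since at most N distinct values can be
# observed; compare against the bit count the kernel is supposed to provide.
entropy_lower_bound() {
    awk -v n="$1" 'BEGIN { printf "%.1f\n", log(n) / log(2) }'
}

# Usage: sh vdso_aslr_check.sh --run [N]   (N defaults to 1000)
if [ "${1:-}" = "--run" ]; then
    n=${2:-1000}
    u=$(vdso_unique_count "$n")
    echo "randomize_va_space=$(cat /proc/sys/kernel/randomize_va_space 2>/dev/null || echo '?')"
    echo "distinct vdso bases in $n runs: $u (>= $(entropy_lower_bound "$u") bits observed)"
    echo "most repeated base: $(vdso_top_repeat "$n")"
fi
```

Read the distinct count relative to N: 10000 distinct values in 10000 runs (as in the ldd loop above) says only that the entropy is comfortably above log2(10000), about 13.3 bits; to distinguish 20 bits from more than that you would need far more samples than a shell loop is practical for, so this check is best used to catch the gross failure modes (a single repeated base, or a handful of values) rather than to measure the exact width of the randomization.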