Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <54E09A0B.1050201@gmail.com>
Date: Sun, 15 Feb 2015 08:07:23 -0500
From: Daniel Micay <danielmicay@...il.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE-Request - Offset2lib

On 15/02/15 07:38 AM, Hector Marco wrote:
> Hello,
> 
> 
> Offset2lib is a security weakness on the implementation of the ASLR in
> GNU/Linux when the executable is PIE compiled which affects all
> architectures except s390.
> 
> Advisory URL:
> http://cybersecurity.upv.es/attacks/offset2lib/offset2lib.html
> 
> Link patch submission:
> https://lkml.org/lkml/2015/1/7/527
> 
> 
> Can a CVE be assigned to this please?
> 
> Thank you.
> Hector Marco.

This kind of room for improvement in the ASLR implementation doesn't
seem like it's worthy of a CVE. There are many ways of making it more
fine grained, but there are diminishing returns. This won't help if
there are usable ROP gadgets in the application code.

AFAIK, it didn't attempt / claim to offer this level of granularity, so
it's not the same as something like the vdso issue where an expected
exploit mitigation was totally broken.

It could also add a gap between each library and do more than just base
randomization for mmap... but it's an endless rabbit hole and at some
point the costs become significant, while the gains are dubious.


Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.