tech-kern archive

Re: kernel aslr: someone interested?

On Sat, Mar 25, 2017 at 11:22:24AM -0400, Thor Lancelot Simon wrote:
> ASLR increases the work factor for that stuff considerably (though there
> are obvious approaches if you can zap the early boot code to wire down
> the "randomization" so it isn't, etc).

I strongly contend this point in the case of the kernel and under the
assumption that the attacker can execute (unprivileged) code. The
approach can be found, i.e. see 33C3. I also strongly question any magic
fixes from vendors -- it is highly unlikely to work by the very nature
of how caches and the TLB operate. So yes, it strongly seems to me that
the consensus in the security research community is that kernel ASLR
doesn't really work on modern CPUs.
