Re: kernel aslr: someone interested?

To: tech-kern%netbsd.org@localhost
Subject: Re: kernel aslr: someone interested?
From: Joerg Sonnenberger <joerg%bec.de@localhost>
Date: Sat, 25 Mar 2017 19:30:07 +0100

On Sat, Mar 25, 2017 at 11:22:24AM -0400, Thor Lancelot Simon wrote:
> ASLR increases the work factor for that stuff considerably (though there
> are obvious approaches if you can zap the early boot code to wire down
> the "randomization" so it isn't, etc).

I strongly contend this point in the case of the kernel and under the
assumption that the attacker can execute (unprivileged) code. The
approach can be found, i.e. see 33C3. I also strongly question any magic
fixes from vendors -- it is highly unlikely to work by the very nature
of how caches and the TLB operate. So yes, it strongly seems to me that
the consensus in the security research community is that kernel ASLR
doesn't really work on modern CPUs.

Joerg

References:
- kernel aslr: someone interested?
  - From: Maxime Villard
- Re: kernel aslr: someone interested?
  - From: Joerg Sonnenberger
- Re: kernel aslr: someone interested?
  - From: Maxime Villard
- Re: kernel aslr: someone interested?
  - From: Thor Lancelot Simon

Prev by Date: Re: kernel aslr: someone interested?
Next by Date: Re: kernel aslr: someone interested?
Previous by Thread: Re: kernel aslr: someone interested?
Next by Thread: Re: kernel aslr: someone interested?
Indexes:

Home | Main Index | Thread Index | Old Index