tech-kern archive


Re: kernel aslr: someone interested?



On Sat, Mar 25, 2017 at 10:17:21PM -0400, Mouse wrote:
> > [ASLR] is just one more check mark in the exploit building tool.
> 
> Yes and no.
> 
> It increases the work required to exploit any putative bugs.

Please read the constraints again. There are very few RCEs against
kernels. The normal and reasonable assumption is the ability to execute
local code. If you can execute local code, you can silently defeat
kernel ASLR. Silently in the sense that all it requires is less than one
hour of computation, without otherwise doing any suspicious activity.
It is not harder in any combinatorial sense, i.e. it is additive
overhead. That's quite different from the typical attack scenario for a
server.

Joerg

