tech-kern archive


Re: kernel aslr: someone interested?



On Sat, Mar 25, 2017 at 09:20:14AM +0100, Maxime Villard wrote:
> Le 24/03/2017 à 23:13, Joerg Sonnenberger a écrit :
> > On Thu, Mar 23, 2017 at 06:30:31PM +0100, Maxime Villard wrote:
> > > I have some plans to implement kernel aslr on amd64.
> > 
> > For what purpose? It has been shown over and over again that ASLR simply
> > doesn't work in a lot of situations in userland. The situation for
> > kernel ASLR is significantly worse.
> 
> But it does not alter the fact that each situation is being fixed. When
> it comes to kernel ASLR, five years ago a lot of people could have said
> that the number of bits available to randomize the VA space is too small,
> that several unprivileged instructions leak some memory locations, that
> cache latency gives hints about where the kernel text is, etc.

I don't think *any* of the cache latency problems have been fixed at
all. They are highly unlikely to be fixed as it would significantly
impact performance and if CPUs have one design focus after correctness,
it is performance. From what I have seen, the consensus is that kernel
ASLR can be considered ineffective for the text segment at the very
least and many parts of the data structures as well as long as the
attacker can execute (unprivileged) instructions on the CPU at will.
As such, the point of "it makes bugs harder to exploit" is effectively
false -- if you can force either the code path of interest to be
executed or any code path with a known offset, there is a generic method
to compute the necessary address. It is just one more check mark in the
exploit building tool.

> > ... it doesn't seem to be worth the effort.
> 
> Well, I've already made most of the effort required, I'm just stuck with
> makefiles and toolchains. If really no one is interested in that,
> developing my prekern has been at least an interesting technical challenge.

There is a lot more effort involved than just providing an
implementation. Just as it was easy to make everything PIE with ASLR
without really caring about the fallout it creates in pkgsrc. What is
the impact kernel ASLR has on debuggability, performance and stability of
performance? At least for the first item on the list, it will be pain.
At the same time, even many developers from the systems you have
mentioned find it to be ineffective.

Joerg

