Date: Sun, 15 Feb 2015 08:07:23 -0500
From: Daniel Micay <danielmicay@...il.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE-Request - Offset2lib

On 15/02/15 07:38 AM, Hector Marco wrote:
> Hello,
> 
> 
> Offset2lib is a security weakness in the implementation of ASLR in
> GNU/Linux when the executable is PIE-compiled, which affects all
> architectures except s390.
> 
> Advisory URL:
> http://cybersecurity.upv.es/attacks/offset2lib/offset2lib.html
> 
> Link patch submission:
> https://lkml.org/lkml/2015/1/7/527
> 
> 
> Can a CVE be assigned to this please?
> 
> Thank you.
> Hector Marco.

This kind of room for improvement in the ASLR implementation doesn't
seem like it's worthy of a CVE. There are many ways of making it more
fine-grained, but there are diminishing returns. This won't help if
there are usable ROP gadgets in the application code.

AFAIK, it didn't attempt / claim to offer this level of granularity, so
it's not the same as something like the vdso issue where an expected
exploit mitigation was totally broken.

It could also add a gap between each library and do more than just base
randomization for mmap... but it's an endless rabbit hole and at some
point the costs become significant, while the gains are dubious.
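The weakness the thread is about is that a PIE executable is placed by the same mmap-base logic as the shared libraries, so the distance from the executable's base to libc's base is the same in every run even though both bases are randomized; one leaked executable address therefore reveals libc. The following program is an added example, not code from the post, from Daniel Micay or from the Offset2lib advisory. It builds as a PIE, reads its own /proc/self/maps and prints the executable base, the libc base and the distance between them; running it several times shows whether that distance is constant on the kernel under test. The maps parser is exercised against a constructed maps excerpt whose addresses are illustrative, not captured from a real system, and the substring "libc" used to pick the libc mapping is an assumption that holds for this minimal binary (only libc and the dynamic loader are mapped).

```c
/* offset2lib_check.c
 * Added example; not code from the original post or from the Offset2lib
 * advisory.  Build as a PIE, then run it several times: on a kernel with
 * the offset2lib weakness the executable and libc bases both change but
 * the distance between them does not.  A non-PIE build is not informative,
 * because its base is fixed and the distance then varies with libc alone.
 *
 *   gcc -fPIE -pie -O2 -o offset2lib_check offset2lib_check.c
 *   for i in 1 2 3 4 5; do ./offset2lib_check; done
 */
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Constructed /proc/<pid>/maps excerpt for the self-test; the addresses are
 * illustrative and were not captured from a real system. */
static const char SAMPLE_MAPS[] =
    "555555554000-555555555000 r--p 00000000 08:01 1234 /tmp/offset2lib_check\n"
    "555555555000-555555556000 r-xp 00001000 08:01 1234 /tmp/offset2lib_check\n"
    "7ffff7dc0000-7ffff7de5000 r--p 00000000 08:01 5678 /usr/lib/libc.so.6\n"
    "7ffff7de5000-7ffff7f5a000 r-xp 00025000 08:01 5678 /usr/lib/libc.so.6\n"
    "7ffffffde000-7ffffffff000 rw-p 00000000 00:00 0 [stack]\n";

/* Lowest start address of any mapping whose pathname contains `needle`,
 * or 0 if no line matches.  A maps line reads
 * "start-end perms offset dev inode [pathname]"; pathnames begin with '/'. */
uintptr_t lowest_base(const char *maps, const char *needle)
{
    uintptr_t best = 0;
    const char *line = maps;

    while (*line) {
        const char *eol = strchr(line, '\n');
        size_t len = eol ? (size_t)(eol - line) : strlen(line);
        const char *path = memchr(line, '/', len);

        if (path) {
            /* copy the pathname so strstr cannot run past this line */
            char pathbuf[512];
            size_t plen = len - (size_t)(path - line);
            if (plen >= sizeof pathbuf) plen = sizeof pathbuf - 1;
            memcpy(pathbuf, path, plen);
            pathbuf[plen] = '\0';
            if (strstr(pathbuf, needle)) {
                uintptr_t start = (uintptr_t)strtoull(line, NULL, 16);
                if (best == 0 || start < best) best = start;
            }
        }
        if (!eol) break;
        line = eol + 1;
    }
    return best;
}

/* Distance between the executable's base and the library's base, or 0 if
 * either mapping is missing from `maps`. */
uintptr_t exe_to_lib_delta(const char *maps, const char *exe_tag, const char *lib_tag)
{
    uintptr_t exe = lowest_base(maps, exe_tag);
    uintptr_t lib = lowest_base(maps, lib_tag);
    if (exe == 0 || lib == 0) return 0;
    return lib > exe ? lib - exe : exe - lib;
}

int main(void)
{
    static char maps[1 << 18];
    char exe[4096];
    ssize_t n = readlink("/proc/self/exe", exe, sizeof exe - 1);
    if (n < 0) { perror("readlink"); return 1; }
    exe[n] = '\0';

    FILE *f = fopen("/proc/self/maps", "r");
    if (!f) { perror("fopen"); return 1; }
    size_t got = fread(maps, 1, sizeof maps - 1, f);
    fclose(f);
    maps[got] = '\0';

    /* "libc" matches libc.so.6 and older libc-2.xx.so names; in this minimal
     * PIE nothing else containing that substring is mapped (assumption). */
    uintptr_t exe_base  = lowest_base(maps, exe);
    uintptr_t libc_base = lowest_base(maps, "libc");
    printf("exe %#" PRIxPTR "  libc %#" PRIxPTR "  delta %#" PRIxPTR "\n",
           exe_base, libc_base, exe_to_lib_delta(maps, exe, "libc"));
    return 0;
}
```

If the delta column is identical across runs while the exe and libc columns change, the kernel places the PIE executable at a fixed distance from the libraries, which is the behaviour the quoted advisory describes; if the delta changes as well, the executable base is randomized independently.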


