Date: Sun, 15 Feb 2015 08:07:23 -0500 From: Daniel Micay <danielmicay@...il.com> To: oss-security@...ts.openwall.com Subject: Re: CVE-Request - Offset2lib On 15/02/15 07:38 AM, Hector Marco wrote: > Hello, > > > Offset2lib is a security weakness on the implementation of the ASLR in > GNU/Linux when the executable is PIE compiled which affects all > architectures except s390. > > Advisory URL: > http://cybersecurity.upv.es/attacks/offset2lib/offset2lib.html > > Link patch submission: > https://lkml.org/lkml/2015/1/7/527 > > > Can a CVE be assigned to this please? > > Thank you. > Hector Marco. This kind of room for improvement in the ASLR implementation doesn't seem like it's worthy of a CVE. There are many ways of making it more fine grained, but there are diminishing returns. This won't help if there are usable ROP gadgets in the application code. AFAIK, it didn't attempt / claim to offer this level of granularity, so it's not the same as something like the vdso issue where an expected exploit mitigation was totally broken. It could also add a gap between each library and do more than just base randomization for mmap... but it's an endless rabbit hole and at some point the costs become significant, while the gains are dubious. Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ