Date: Sat, 6 Dec 2014 15:22:58 +0800 From: Shawn <citypw@...il.com> To: oss-security@...ts.openwall.com Subject: How GNU/Linux distros deal with offset2lib attack? Hi guys, As you know Hector Marco disclosured a new attack targeting the GNU/Linux mitigation defensive technology earlier this week: http://www.openwall.com/lists/oss-security/2014/12/04/19 http://cybersecurity.upv.es/attacks/offset2lib/offset2lib.html Paper & slide: http://cybersecurity.upv.es/attacks/offset2lib/offset2lib-presentation.pdf http://cybersecurity.upv.es/attacks/offset2lib/offset2lib-paper.pdf Hector provides 3 possible solutions: 1, Use Grsecurity/PaX. Afaik, Gentoo and Debian Mempo has long-term maintainence for Grsecurity/PaX patch. But the Grsecurity/PaX is not party of linux kernel mainline that'd be a problem to the most distros. I think linux kernel upstream won't accept PaX patch only because of this *kind* of issue. 2, ASLRv3? Hector Marco( the dude who disclosured offset2lib attack) sent a patch to the upstream: https://lkml.org/lkml/2014/12/4/839 Even the upstream don't accept the patch, is this possible to backport it & maintain it for distro community? 3, RenewSSP? IMOHO, this is a solution for the way of exploit like: http://phrack.org/archives/issues/67/13.txt It'd be workaround for another mitigation to prevent offset2lib attack though. But the authors of RenewSSP don't even send a patch to GCC community yet. At least I can't search anything about RenewSSP in GCC ml. It seems ASLRv3 is the best option we have? Or anything else? -- GNU powered it... GPL protect it... God blessing it... regards Shawn
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.