Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Tue, 9 Dec 2014 20:38:08 +0100
From: Mathias Krause <minipli@...glemail.com>
To: oss-security@...ts.openwall.com
Subject: Re: PIE bypass using VDSO ASLR weakness

On 9 December 2014 at 16:33, Reno Robert <renorobert@...il.com> wrote:
> Hi Daniel, COMPAT_VDSO is not enabled. Just that randomization is 20 bits
> and same values are generated on repeated execution.
>
> On Tue, Dec 9, 2014 at 2:08 PM, Daniel Micay <danielmicay@...il.com> wrote:
>> On 09/12/14 03:05 AM, Reno Robert wrote:
>> > Do we need better ASLR for VDSO to make PIE more effective?
>>
>> You must have COMPAT_VDSO enabled. It's randomized fine with a sane
>> kernel configuration.
>>

minipli@jig:~/tmp$ echo 'int main(){}' | gcc -pie -std=c99 -xc - -o pie
minipli@jig:~/tmp$ for i in $(seq 10000); do ldd ./pie; done | grep
vdso | sort | uniq  | wc -l
10000
minipli@jig:~/tmp$ uname -rm
3.17.3-grsec+ x86_64

So Daniel's advice seems legit to me. However, sane in this context
would mean CONFIG_PAX_RANDMMAP=y ;)


Regards,
Mathias

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.