Date:      Wed, 20 May 2015 18:31:56 +0200
From:      Oliver Pinter <oliver.pinter@hardenedbsd.org>
To:        Pedro Giffuni <pfg@freebsd.org>
Cc:        Shawn Webb <shawn.webb@hardenedbsd.org>,  "freebsd-arch@freebsd.org" <freebsd-arch@freebsd.org>
Subject:   Re: ASLR work into -HEAD ?
Message-ID:  <CAPQ4fftbUUSMHYXjOD-yO0ZzxdKwXzd5LA5AycrEyKMT3o63xw@mail.gmail.com>
In-Reply-To: <555CADB6.202@FreeBSD.org>
References:  <555CADB6.202@FreeBSD.org>

On 5/20/15, Pedro Giffuni <pfg@freebsd.org> wrote:
> Hello Shawn;
>
> What ever happened to the performance, does it still have a
> noticeable effect even when disabled?

We should ask to run an exp-run again with/without/disabled ASLR.

>
> I have no technical opinion on the patch, but ...
>
> TBH, the problem I see is that ASLR is so widespread that every
> potential attacker already knows how to defeat it. Yes, it is meant
> only as a mitigation technique but if it only buys you 5 min.
> (at most) I don't see much advantage in obfuscating the VM.

Hi Pedro!

Consider the situation when someone releases an exploit against a
system without ASLR. The attacker hard-codes the address of the
specific code, and tries it against the whole internet.
In this case all of the tries will succeed. Then consider the other
situation, when the system has ASLR. In this case the exploit fails in
the majority of cases, and the attacker must try multiple times to attack
the system. This is a very large cost on their side...

Sometimes these 5 minutes decide whether the attacker could break in or
not. Most average attackers do not have the knowledge of how to
bypass ASLR. Yes, there exist automated ROP generators and other
tools, and articles about blind ROP effectiveness, but in real
life ASLR is a must-have.

ASLR would be much more efficient when segvguard or a similar
brute-force prevention solution exists in the system.


>
> Just IMHO ... I am not a player in that area and I don't maintain
> the underlying code so I don't approve or reject anything.
>
> Pedro.



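The cost argument in this message, as an added worked example that is not part of the original thread: a small model of how many address guesses fit into a time window with and without a segvguard-style crash throttle. The entropy (16 bits), attempt rate (10 per second) and throttle policy (suspend for 600 s after 5 crashes) are assumed values chosen for illustration, not figures from the thread or from segvguard itself.

```python
"""Back-of-envelope model of brute-forcing ASLR with and without a
segvguard-style crash throttle. All parameters are assumed values."""

def crash_budget(duration_s, rate_per_s, max_crashes=None, suspend_s=0.0):
    """Number of failed guesses (crashes) that fit into duration_s.

    max_crashes=None models no brute-force prevention. Otherwise the
    target is suspended for suspend_s after every max_crashes crashes.
    """
    if max_crashes is None:
        return int(duration_s * rate_per_s)
    cycle_s = max_crashes / rate_per_s + suspend_s   # burst + suspension
    full_cycles = int(duration_s // cycle_s)
    rest_s = duration_s - full_cycles * cycle_s
    return full_cycles * max_crashes + min(max_crashes, int(rest_s * rate_per_s))

def p_hit(entropy_bits, attempts, rerandomized=True):
    """Chance that at least one of `attempts` address guesses is right."""
    space = 2 ** entropy_bits
    if rerandomized:      # fresh layout per attempt: independent trials
        return 1.0 - (1.0 - 1.0 / space) ** attempts
    return min(attempts, space) / space   # same layout: no repeated guesses

def mean_seconds_to_hit(entropy_bits, rate_per_s, max_crashes=None, suspend_s=0.0):
    """Mean wall-clock time until a correct guess, fresh layout per attempt."""
    mean_attempts = 2 ** entropy_bits       # mean of a geometric distribution
    if max_crashes is None:
        return mean_attempts / rate_per_s
    cycle_s = max_crashes / rate_per_s + suspend_s
    return mean_attempts / max_crashes * cycle_s

if __name__ == "__main__":
    BITS, RATE, WINDOW_S = 16, 10, 300      # assumed; 300 s is the "5 min"
    policies = (("no throttle", {}),
                ("crash throttle", {"max_crashes": 5, "suspend_s": 600}))
    for label, policy in policies:
        n = crash_budget(WINDOW_S, RATE, **policy)
        hours = mean_seconds_to_hit(BITS, RATE, **policy) / 3600
        print(f"{label:15s} guesses in 5 min: {n:5d}  "
              f"P(hit): {p_hit(BITS, n):.6f}  mean time to hit: {hours:8.1f} h")
```

Under these assumptions the throttle cuts the guesses available in five minutes from 3000 to 5 and stretches the mean time to a correct guess from under two hours to roughly three months.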