ASLR work into -HEAD ?
Oliver Pinter
oliver.pinter at hardenedbsd.org
Wed May 20 16:32:03 UTC 2015
On 5/20/15, Pedro Giffuni <pfg at freebsd.org> wrote:
> Hello Shawn;
>
> What ever happened to the performance, does it still have a
> noticeable effect even when disabled?
We should ask to run an exp-run again with/without/disabled ASLR.
>
> I have no technical opinion on the patch, but ...
>
> TBH, the problem I see is that ASLR is so widespread that every
> potential attacker already knows how to defeat it. Yes, it is meant
> only as a mitigation technique but if it only buys you 5 min.
> (at most) I don't see much advantage in obfuscating the VM.
Hi Pedro!
Explain the situation, when someone release an exploit against one
system without ASLR. The attacker hard code the address of the
specific code, and try it against the whole internet.
In this case all of the try will success. Then explain the other
situation, when the system has ASLR. In this case the exploit in the
majority fails, and the attacker must to try multiple times to attack
the system. This is very large cost on their side...
Sometimes this 5 minutes means that the attacker could break in or
not. Most of the average attackers does not have the knowledge, how to
bypass the ASLR. Yes, there exists automated ROP generator and other
tools, and articles about blink ROP effectiveness, but in the real
life the ASLR is a must have.
The ASLR would much more efficient, when segvguard or similar brute
force prevention solution existing in the system.
>
> Just IMHO ... I am not a player in that area and I don't maintain
> the underlying code so I don't approve or reject anything.
>
> Pedro.
> _______________________________________________
> freebsd-arch at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-arch
> To unsubscribe, send any mail to "freebsd-arch-unsubscribe at freebsd.org"
>
More information about the freebsd-arch
mailing list