On Mon, Mar 25, 2013 at 2:52 PM, PaX Team <pageexec@××××××××.hu> wrote:
> On 25 Mar 2013 at 9:01, Kfir Lavi wrote:
>
>> Hi,
>> I'm looking for a way to reduce glibc code size.
>> It can be a way to make the system smaller and minimize the impact
>> of attack vectors in glibc, as in a return-to-libc attack.
>
> study this and draw your conclusions whether the whole exercise is
> worth it or not:
>
> https://www.usenix.org/conference/usenix-security-11/q-exploit-hardening-made-easy
>

Thanks for sharing this talk. I didn't know that the program image in
Linux is not randomized by ASLR.
What I understand from this talk: I can probably take a lot of code
out of glibc, but it will never be less than 20K, which lets an attacker
who is able to jump to glibc construct his ROP program.
As I don't have much experience in security, my question would be: Can
we deploy another mechanism to fight this ROP program building from
the program image?

Thanks,
Kfir