I'm just thinking aloud here...
So as long as hardened gcc is used to compile the code, it makes the
exploitation harder compared to distros not pushing PIE as much. I think
other distros have also acknowledged the importance of PIE in the
meantime:
https://wiki.ubuntu.com/Security/Features#Built_as_PIE
http://wiki.debian.org/Hardening#gcc_-pie_-fPIE
For a userland like that, binaries compiled without the hardened toolchain
are the easiest to exploit. Binary packages, third-party binaries,
closed-source binaries. These pieces of software are usually important
executables way over 20k.

I wonder how these ROP techniques can theoretically perform in a Java
virtual machine? What are the possible target vectors for Python or Ruby?
What about JIT code?
--
dr Tóth Attila, Radiológus, 06-20-825-8057
Attila Toth MD, Radiologist, +36-20-825-8057

On Tuesday, 26 March 2013 at 10:18, Javier Juan Martínez Cabezón wrote:
> PIE is used in hardened gentoo. If PIE can't protect you against this,
> ssp at least could try to do it; this is the reason why
> -fstack-protector-all and -D_FORTIFY_SOURCE=2 are needed, and at least
> -fstack-protector-all is really extended in hardened gentoo, as
> another security layer.
>
> 2013/3/25, "Tóth Attila" <atoth@××××××××××.hu>:
>> Is gentoo-hardened better regarding the amount of unrandomized code
>> compared to other distros?
>> --
>> dr Tóth Attila, Radiológus, 06-20-825-8057
>> Attila Toth MD, Radiologist, +36-20-825-8057
>>
>> On Monday, 25 March 2013 at 13:52, PaX Team wrote:
>>> On 25 Mar 2013 at 9:01, Kfir Lavi wrote:
>>>
>>>> Hi,
>>>> I'm looking for a way to reduce glibc code size.
>>>> It can be a way to make system smaller and minimize the impact
>>>> of attack vectors in glibc, as in return-to-libc attack.
>>>
>>> study this and draw your conclusions whether the whole exercise is
>>> worth it or not:
>>>
>>> https://www.usenix.org/conference/usenix-security-11/q-exploit-hardening-made-easy
>>>
>>
>