oss-sec mailing list archives

Re: PIE bypass using VDSO ASLR weakness

From: Greg KH <greg () kroah com>
Date: Thu, 11 Dec 2014 13:27:30 -0500

On Thu, Dec 11, 2014 at 06:23:23PM +0100, Hanno Böck wrote:

On Thu, 11 Dec 2014 11:15:44 +0530
Reno Robert <renorobert () gmail com> wrote:

Given that ASLR is not effective in VDSO and comes down to 11 quality
bits as per pax test making return-to-vdso feasible even for PIE
binary, whether this should be considered as a bug and CVE be
assigned?


I opened a bug in the kernel's bugtracker:
https://bugzilla.kernel.org/show_bug.cgi?id=89591


Don't do that, stick to the linux-kernel mailing list, cc:ing the proper
developers involved.  I say this as most kernel subsystems do not use
bugzilla.kernel.org (USB and Networking are two examples), while others
use it heavily (like ACPI).

For "core" issues like this, stick to the mailing lists, they work
better.

Actually, for "security" stuff, use the security () kernel org alias,
that's the best way to get a quick response.

thanks,

greg k-h

Current thread:

PIE bypass using VDSO ASLR weakness Reno Robert (Dec 09)
- Re: PIE bypass using VDSO ASLR weakness Daniel Micay (Dec 09)
  - Re: PIE bypass using VDSO ASLR weakness Reno Robert (Dec 09)
    - Re: PIE bypass using VDSO ASLR weakness Martino Dell'Ambrogio (Dec 09)
    - Re: PIE bypass using VDSO ASLR weakness Mathias Krause (Dec 09)
    - Re: PIE bypass using VDSO ASLR weakness Daniel Micay (Dec 09)
    - Re: PIE bypass using VDSO ASLR weakness Reno Robert (Dec 10)
    - Re: PIE bypass using VDSO ASLR weakness Hanno Böck (Dec 11)
    - Re: PIE bypass using VDSO ASLR weakness Greg KH (Dec 11)
    - Re: PIE bypass using VDSO ASLR weakness cve-assign (Dec 26)