oss-sec mailing list archives

Re: Offset2lib: bypassing full ASLR on 64bit Linux


From: Reed Loden <reed () reedloden com>
Date: Fri, 5 Dec 2014 18:23:09 -0800

On Fri, Dec 5, 2014 at 4:59 PM, Daniel Micay <danielmicay () gmail com> wrote:


> I don't really see how this would prevent Mozilla from shipping a
> browser with ASLR. The Tor browser has been shipping a fork of Firefox
> built as a position independent executable for ages. It doesn't impact
> users because they're either starting it via a .desktop file or the
> command-line.
>
> The support for desktop icons in Nautilus is deprecated / disabled by
> default with only a hidden dconf preference to enable it. If you really
> want to support the workflow of opening up the file manager, navigating
> to the binary and double-clicking it then using a wrapper script is a
> quite obvious solution.


Obviously, some users are running into it
(https://bugzilla.mozilla.org/show_bug.cgi?id=1076892), or it wouldn't have
had to be backed out.

~reed
