oss-sec mailing list archives
Re: Offset2lib: bypassing full ASLR on 64bit Linux
From: Daniel Micay <danielmicay () gmail com>
Date: Fri, 05 Dec 2014 21:40:42 -0500
On 05/12/14 09:23 PM, Reed Loden wrote:
> On Fri, Dec 5, 2014 at 4:59 PM, Daniel Micay <danielmicay () gmail com> wrote:
>> I don't really see how this would prevent Mozilla from shipping a browser with ASLR. The Tor browser has been shipping a fork of Firefox built as a position independent executable for ages. It doesn't impact users because they're either starting it via a .desktop file or the command-line. The support for desktop icons in Nautilus is deprecated / disabled by default with only a hidden dconf preference to enable it. If you really want to support the workflow of opening up the file manager, navigating to the binary and double-clicking it then using a wrapper script is a quite obvious solution.
>
> Obviously, some users are running into it (https://bugzilla.mozilla.org/show_bug.cgi?id=1076892), or it wouldn't have had to be backed out.
>
> ~reed
So why can't you hide away the binary and drop a script or desktop file in that directory instead? A desktop file would also provide a better user experience if unpacking it and using it directly from that directory via a file manager is something you want to support. You would be even better off making it a self-extracting archive, dropping itself into $XDG_DATA_HOME / ~/.local/share like Steam (which uses PIE...), and generating a desktop file to run it. There's no icon or any other GUI niceties for the raw executable. It's not the usual / supported way of doing things, so it's really not surprising that it depends on a libmagic/file hack that doesn't work on any security aware native executables. There is no shortage of projects that have been enabling full ASLR for nearly a decade. The reason that this is an issue for you isn't because PIE isn't well supported.
Attachment:
signature.asc
Description: OpenPGP digital signature
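The mechanism behind the "libmagic/file hack" mentioned in the message, as an added example that is not code from this thread, from Mozilla or from the Tor project: a PIE binary carries e_type ET_DYN in its ELF header, the same value as a shared library, so any heuristic keyed on "ELF executable" (ET_EXEC) stops recognising it. The block reads that field, explains the ambiguity, and renders the kind of .desktop launcher suggested as the workaround. The ELF headers it feeds itself are constructed inline (no real code in them), and the Firefox path and icon name are illustrative, not Mozilla's layout.

```python
# Added example: why a PIE binary trips file-manager "is this executable?"
# heuristics, and the .desktop launcher workaround discussed in the thread.
# Not code from the thread, Mozilla or Tor; the sample headers are constructed.
import struct

ELF_MAGIC = b"\x7fELF"
ET_EXEC = 2   # fixed-address executable: the main image is never randomized
ET_DYN = 3    # position-independent: PIE executables *and* shared libraries


def elf_type(header: bytes) -> int:
    """Return e_type from the first 18+ bytes of an ELF file."""
    if len(header) < 18 or header[:4] != ELF_MAGIC:
        raise ValueError("not an ELF file")
    endian = "<" if header[5] == 1 else ">"   # EI_DATA: 1 = LSB, 2 = MSB
    (e_type,) = struct.unpack_from(endian + "H", header, 16)
    return e_type


def describe(header: bytes) -> str:
    """Classify the file the way a libmagic-style heuristic sees it.

    ET_DYN alone cannot separate a PIE from a .so; a fuller check would look
    for a PT_INTERP segment or DF_1_PIE in the dynamic section. That ambiguity
    is why tools keyed on "ELF executable" ignore PIE binaries.
    """
    t = elf_type(header)
    if t == ET_EXEC:
        return "ELF executable (ET_EXEC): no ASLR for the main image"
    if t == ET_DYN:
        return "ELF shared object (ET_DYN): PIE binary or library; ASLR applies"
    return f"ELF type {t}"


def classify_path(path: str) -> str:
    """Classify a real file on disk (only the 64-byte header is needed)."""
    with open(path, "rb") as f:
        return describe(f.read(64))


def desktop_entry(name: str, exec_path: str, icon: str = "") -> str:
    """Render a freedesktop .desktop launcher that runs the (PIE) binary.

    exec_path is used verbatim; a path containing spaces would need the
    double-quote escaping from the Desktop Entry specification.
    """
    lines = [
        "[Desktop Entry]",
        "Type=Application",
        f"Name={name}",
        f"Exec={exec_path} %u",
        "Terminal=false",
    ]
    if icon:
        lines.append(f"Icon={icon}")
    return "\n".join(lines) + "\n"


def make_elf_header(e_type: int, little_endian: bool = True) -> bytes:
    """Constructed 64-byte ELF64 x86-64 header with no code behind it, for the demo."""
    endian = "<" if little_endian else ">"
    ident = ELF_MAGIC + bytes([2, 1 if little_endian else 2, 1, 0, 0]) + b"\x00" * 7
    # e_type, e_machine, e_version, e_entry, e_phoff, e_shoff, e_flags,
    # e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx
    body = struct.pack(endian + "HHIQQQIHHHHHH",
                       e_type, 62, 1, 0x1000, 64, 0, 0, 64, 56, 0, 64, 0, 0)
    return ident + body


if __name__ == "__main__":
    for label, hdr in (("non-PIE", make_elf_header(ET_EXEC)),
                       ("PIE", make_elf_header(ET_DYN))):
        print(f"{label}: {describe(hdr)}")
    # Illustrative path; drop the result next to the binary or in
    # ~/.local/share/applications so the file manager shows a proper launcher.
    print(desktop_entry("Firefox", "/opt/firefox/firefox", icon="firefox"), end="")
```

Running `classify_path` on a distribution's own PIE-built binaries shows the same ET_DYN answer a `file` invocation gives, which is the behaviour the message is referring to; the launcher is what lets a double-click work without giving up PIE.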