oss-sec mailing list archives

How GNU/Linux distros deal with offset2lib attack?


From: Shawn <citypw () gmail com>
Date: Sat, 6 Dec 2014 15:22:58 +0800

Hi guys,

As you know, Hector Marco disclosed a new attack targeting the
GNU/Linux defensive mitigation technology earlier this week:
http://www.openwall.com/lists/oss-security/2014/12/04/19
http://cybersecurity.upv.es/attacks/offset2lib/offset2lib.html

Paper & slides:
http://cybersecurity.upv.es/attacks/offset2lib/offset2lib-presentation.pdf

http://cybersecurity.upv.es/attacks/offset2lib/offset2lib-paper.pdf

Hector provides 3 possible solutions:

1. Use Grsecurity/PaX. AFAIK, Gentoo and Debian Mempo have long-term
maintenance for the Grsecurity/PaX patch. But Grsecurity/PaX is not
part of the Linux kernel mainline, which would be a problem for most
distros. I think Linux kernel upstream won't accept the PaX patch only
because of this *kind* of issue.

2. ASLRv3? Hector Marco (the dude who disclosed the offset2lib attack)
sent a patch upstream:
https://lkml.org/lkml/2014/12/4/839

Even if upstream doesn't accept the patch, is it possible to backport
it & maintain it for the distro community?

3. RenewSSP? IMHO, this is a solution for exploits like:
http://phrack.org/archives/issues/67/13.txt

It'd be a workaround for another mitigation to prevent the offset2lib
attack, though. But the authors of RenewSSP haven't even sent a patch
to the GCC community yet. At least I can't find anything about
RenewSSP on the GCC ML.

It seems ASLRv3 is the best option we have? Or is there anything else?


-- 
GNU powered it...
GPL protect it...
God blessing it...

regards
Shawn


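A practical check for the weakness this thread is about, added here as an example; it is not code from the original post, from the offset2lib paper, or from any of the patches mentioned. Before the PIE base was randomised separately on x86_64, a PIE executable was mapped into the mmap region at a constant distance from the shared libraries, so leaking one executable address revealed where libc was. The check below parses /proc/<pid>/maps-style text from two runs of the same binary: if ASLR moved the executable but the executable-to-libc distance did not change, the layout is the offset2lib one. The maps excerpts, the path /tmp/pie_demo and every address are constructed for the example, not captured from a real system, and the function names are my own.

```c
#include <stdio.h>
#include <string.h>

#define EXE_PATH  "/tmp/pie_demo"   /* constructed: our PIE test binary */
#define LIBC_PATH "libc-2.19.so"    /* substring matched in the maps path */

/*
 * Constructed /proc/<pid>/maps excerpts (not captured from a real system).
 * VULN_* mimics the pre-fix x86_64 layout: the PIE executable sits in the
 * mmap region, 0x3d0000 above libc, in every run.  FIXED_* mimics a kernel
 * that randomises the PIE base on its own (0x55... vs 0x7f...).
 */
static const char *VULN_RUN_A =
    "7f1a3c1f0000-7f1a3c3ab000 r-xp 00000000 08:01 5678 /lib/x86_64-linux-gnu/libc-2.19.so\n"
    "7f1a3c3ab000-7f1a3c5aa000 ---p 001bb000 08:01 5678 /lib/x86_64-linux-gnu/libc-2.19.so\n"
    "7f1a3c5aa000-7f1a3c5b0000 rw-p 001ba000 08:01 5678 /lib/x86_64-linux-gnu/libc-2.19.so\n"
    "7f1a3c5c0000-7f1a3c5c1000 r-xp 00000000 08:01 1234 /tmp/pie_demo\n"
    "7f1a3c7c0000-7f1a3c7c2000 rw-p 00000000 08:01 1234 /tmp/pie_demo\n"
    "7ffd1e8e3000-7ffd1e904000 rw-p 00000000 00:00 0 [stack]\n";

static const char *VULN_RUN_B =
    "7f6b8ded0000-7f6b8e08b000 r-xp 00000000 08:01 5678 /lib/x86_64-linux-gnu/libc-2.19.so\n"
    "7f6b8e08b000-7f6b8e28a000 ---p 001bb000 08:01 5678 /lib/x86_64-linux-gnu/libc-2.19.so\n"
    "7f6b8e28a000-7f6b8e290000 rw-p 001ba000 08:01 5678 /lib/x86_64-linux-gnu/libc-2.19.so\n"
    "7f6b8e2a0000-7f6b8e2a1000 r-xp 00000000 08:01 1234 /tmp/pie_demo\n"
    "7f6b8e4a0000-7f6b8e4a2000 rw-p 00000000 08:01 1234 /tmp/pie_demo\n"
    "7ffc0a1b2000-7ffc0a1d3000 rw-p 00000000 00:00 0 [stack]\n";

static const char *FIXED_RUN_A =
    "55d0c4a00000-55d0c4a01000 r-xp 00000000 08:01 1234 /tmp/pie_demo\n"
    "55d0c4c00000-55d0c4c02000 rw-p 00000000 08:01 1234 /tmp/pie_demo\n"
    "7f2e5a1c0000-7f2e5a37b000 r-xp 00000000 08:01 5678 /lib/x86_64-linux-gnu/libc-2.19.so\n"
    "7f2e5a37b000-7f2e5a57a000 ---p 001bb000 08:01 5678 /lib/x86_64-linux-gnu/libc-2.19.so\n"
    "7ffe3c4d5000-7ffe3c4f6000 rw-p 00000000 00:00 0 [stack]\n";

static const char *FIXED_RUN_B =
    "5592f1e00000-5592f1e01000 r-xp 00000000 08:01 1234 /tmp/pie_demo\n"
    "5592f2000000-5592f2002000 rw-p 00000000 08:01 1234 /tmp/pie_demo\n"
    "7fa4b3600000-7fa4b37bb000 r-xp 00000000 08:01 5678 /lib/x86_64-linux-gnu/libc-2.19.so\n"
    "7fa4b37bb000-7fa4b39ba000 ---p 001bb000 08:01 5678 /lib/x86_64-linux-gnu/libc-2.19.so\n"
    "7ffd9e7a8000-7ffd9e7c9000 rw-p 00000000 00:00 0 [stack]\n";

/* Start address of the first (lowest) mapping whose path contains `path`.
 * maps lines are sorted by address, so the first hit is the load base.
 * Returns 0 when no line matches. */
static unsigned long long map_base(const char *maps, const char *path)
{
    const char *line = maps;
    while (line && *line) {
        const char *eol = strchr(line, '\n');
        size_t len = eol ? (size_t)(eol - line) : strlen(line);
        char buf[256];
        if (len >= sizeof buf) len = sizeof buf - 1;
        memcpy(buf, line, len);
        buf[len] = '\0';
        unsigned long long start;
        if (strstr(buf, path) && sscanf(buf, "%llx-", &start) == 1)
            return start;
        line = eol ? eol + 1 : NULL;
    }
    return 0;
}

/* Signed distance from the executable's base to libc's base in one run;
 * 0 means one of the two mappings was not found. */
static long long exe_to_libc_delta(const char *maps)
{
    unsigned long long e = map_base(maps, EXE_PATH), l = map_base(maps, LIBC_PATH);
    if (!e || !l) return 0;
    return (long long)(l - e);
}

/* The offset2lib condition: ASLR moved the executable between runs, yet the
 * executable-to-libc distance is identical.  1 = vulnerable layout,
 * 0 = distance changes with the run, -1 = could not determine. */
static int offset2lib_vulnerable(const char *run_a, const char *run_b)
{
    unsigned long long ea = map_base(run_a, EXE_PATH), eb = map_base(run_b, EXE_PATH);
    long long da = exe_to_libc_delta(run_a), db = exe_to_libc_delta(run_b);
    if (!ea || !eb || !da || !db) return -1;
    return (ea != eb && da == db) ? 1 : 0;
}

/* The attacker's side: a delta learned offline on a copy of the binary plus
 * one leaked executable address from the target gives libc's base. */
static unsigned long long predict_libc_base(unsigned long long leaked_exe_base, long long delta)
{
    return leaked_exe_base + (unsigned long long)delta;
}

int main(void)
{
    printf("pre-fix layout:  delta A=%lld B=%lld vulnerable=%d\n",
           exe_to_libc_delta(VULN_RUN_A), exe_to_libc_delta(VULN_RUN_B),
           offset2lib_vulnerable(VULN_RUN_A, VULN_RUN_B));
    printf("predicted libc in run B: %#llx (actual %#llx)\n",
           predict_libc_base(map_base(VULN_RUN_B, EXE_PATH), exe_to_libc_delta(VULN_RUN_A)),
           map_base(VULN_RUN_B, LIBC_PATH));
    printf("fixed layout:    delta A=%lld B=%lld vulnerable=%d\n",
           exe_to_libc_delta(FIXED_RUN_A), exe_to_libc_delta(FIXED_RUN_B),
           offset2lib_vulnerable(FIXED_RUN_A, FIXED_RUN_B));
    return 0;
}
```

To run the same check on a live box, replace the constructed strings with the contents of /proc/<pid>/maps from two separate executions of one PIE binary; a delta that does not move between runs is exactly what the offset2lib attack exploits, and it is what the ASLRv3 patch in the thread is meant to remove.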