oss-sec mailing list archives
Re: Offset2lib: bypassing full ASLR on 64bit Linux
From: Florent Daigniere <florent.daigniere () trustmatta com>
Date: Sat, 06 Dec 2014 11:43:22 +0100
On Fri, 2014-12-05 at 14:15 -0800, Reed Loden wrote:
> On Fri, Dec 5, 2014 at 7:09 AM, Daniel Micay <danielmicay () gmail com> wrote:
>> Mozilla has no excuse for not enabling PIE for Firefox, because 99% of the code is in dynamic libraries already. It has no performance impact.
>
> For the record, Mozilla tried it several months ago and had to back it out.
>
> "Nautilus (the file manager) can't open PIE executables, which makes distributing PIE executable essentially impossible."
> https://bugzilla.mozilla.org/show_bug.cgi?id=857628#c6 (which caused https://bugzilla.mozilla.org/show_bug.cgi?id=1076892)
>
> ~reed

Here's one of the tickets where the information about compiler hardening flags is centralized... They have an endless supply of excuses not to enable any (not even -D_FORTIFY_SOURCE=2 or -Wformat-security)!

https://bugzilla.mozilla.org/show_bug.cgi?id=620058

Florent