Re: How GNU/Linux distros deal with offset2lib attack?

[Greg KH <greg () kroah com>]

On Sun, Dec 07, 2014 at 01:08:00PM +0100, Lionel Debroux wrote:
> > On Sat, Dec 6, 2014 at 7:35 PM, Greg KH <greg () kroah com> wrote:
> > > On Sat, Dec 06, 2014 at 03:22:58PM +0800, Shawn wrote:
> > > > 2, ASLRv3? Hector Marco( the dude who disclosured offset2lib
> > > > attack) sent a patch to the upstream:
> > > > https://lkml.org/lkml/2014/12/4/839
> > > >
> > > > Even the upstream don't accept the patch, is this possible to
> > > > backport it & maintain it for distro community?
> > >
> > > Upstream asked for some basic fixes to the patch (i.e. it wasn't
> > > submitted in the needed format) before it could accept it, so I
> > > doubt it's rejected yet.
> > >
> > > And of course a distro could backport and maintain it, it's a very
> > > tiny patch, much smaller than what they normall backport.  Take it
> > > up with the distros if you want this.
> Tiny indeed. I'm surprised how few hunks it contains, given that
> PAX_ASLR involves
> $ grep CONFIG_PAX_ASLR pax-linux-3.17.4-test7.patch | wc -l
> 25
> hunks.

That's not a good comparison, as who knows what those config options do.

And a "well written" option will never have a CONFIG_* option within the
.c files, as that's not the normal way to implement features in the
Linux kernel.

> Is Hector Marco's ASLRv3 submission a much simpler reinvention of PaX's
> ASLR wheel, or is it rather a smaller wheel which does less than PaX's
> improved, field-tested ASLR does ?

I don't know, never looked at the PaX code, sorry.  Why not look at it
yourself and compare it?

> If the latter, I think it wouldn't be good to see another half-measure
> integrated to mainline, until the next mainline ASLR defeat against
> which PaX has protected for over a decade. Just my 2 cents.

The reason PaX isn't in the main kernel tree is that no one has spent
the time and effort to actually submit it in a mergable form.  So
please, do so if you think this is something that is needed.

thanks,

greg k-h