Re: CVE-Request - Offset2lib

[Daniel Micay <danielmicay () gmail com>]

On 15/02/15 07:38 AM, Hector Marco wrote:
> Hello,
>
>
> Offset2lib is a security weakness on the implementation of the ASLR in
> GNU/Linux when the executable is PIE compiled which affects all
> architectures except s390.
>
> Advisory URL:
> http://cybersecurity.upv.es/attacks/offset2lib/offset2lib.html
>
> Link patch submission:
> https://lkml.org/lkml/2015/1/7/527
>
>
> Can a CVE be assigned to this please?
>
> Thank you.
> Hector Marco.

This kind of room for improvement in the ASLR implementation doesn't
seem like it's worthy of a CVE. There are many ways of making it more
fine grained, but there are diminishing returns. This won't help if
there are usable ROP gadgets in the application code.

AFAIK, it didn't attempt / claim to offer this level of granularity, so
it's not the same as something like the vdso issue where an expected
exploit mitigation was totally broken.

It could also add a gap between each library and do more than just base
randomization for mmap... but it's an endless rabbit hole and at some
point the costs become significant, while the gains are dubious.

Attachment: signature.asc
Description: OpenPGP digital signature