Re: [gentoo-hardened] Assessing the Tux Strength: Part 2 - Into the Kernel

[radegand <radegand@o2.pl>]

Hi,
Thanks for your feedback.

Dnia 8 września 2010 0:27 pageexec@freemail.hu napisał(a):
> 
> > On 3 Sep 2010 at 11:56, Daniel Kuehn wrote:
> 
> > The randomisation bit was particularily interesting because as far as I
> > understand that is one of the better security measures we can use. 
> 
> actually, if you ask me, ASLR is the least useful security feature :P. it's not
> even really security, it's mere obfuscation, and it's great when it's works but
> it'll never provide guarantees (which is what we prefer in security).

I'd agree. Nevertheless, IMHO, even if no guarantees can be given, ASLR when done correctly (and together with PIE) makes exploitation way harder and is reasonably (?) easy to implement and maintain. Why making attacker's life easier? ;)
> 
> > Shame on fedora for only 3-bits randomisation for shared libs :P
> 
> a note here: fedora uses exec-shield which maps libraries in two different
> regions: ascii-armor (lower 16MB) and the rest. i think what paxtest measured
> there is the former where the usable entropy is necessarily less than elsewhere
> and may not be representative of real life apps and their address spaces (not
> saying the whole ascii-armor region is worth anything for security though ;).

Seems like I need to find out more about exec-shield then... :)
> 
> PS: when discussing null deref protections, it's worth mentioning UDEREF which
> is a tad bit more general and useful than mmap_min_addr ;).
> 
Oopps, yep, I totally missed UDEREF, my bad...!

Regards,
Radek