On Thu, Oct 20, 2016 at 11:20:01AM +0200, Peter N. M. Hansteen wrote:
> On Thu, Oct 20, 2016 at 10:40:28AM +0200, Peter Janos wrote:
> > Hello,
> >
> > http://news.softpedia.com/news/researchers-bypass-aslr-protection-on-intel-haswell-cpu-509460.shtml
> >
> > paper:
> > http://www.cs.ucr.edu/~nael/pubs/micro16.pdf
> >
> > could we somehow prevent this attack on OpenBSD?
>
> If you read the paper, you will notice that they only tested on Ubuntu and OSX,
> neither of which actually ship with ASLR enabled by default if I remember correctly.
> The paper has no(!) references to OpenBSD, they never show any actual code, and it
> appears that this is a local exploit that seems to require that the victim and spy
> processes share the same virtual address space, meaning that ASLR isn't actually enabled.
>
> Shawn Webb (HardenedBSD and trying to get ASLR into FreeBSD) has a preliminary
> writeup at https://gist.github.com/lattera/c785e7088118442f10addf8c6017c7d0 with
> a finished version due whenever he gets it done.
I've since published the post: https://github.com/lattera/articles/blob/master/infosec/Exploit%20Mitigations/ASLR/2016-10-19_btb/article.md

Thanks,

-- 
Shawn Webb
Cofounder and Security Engineer
HardenedBSD

GPG Key ID: 0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE