Hello, can ASLR tech help to build a hard template VM for Qubes?

https://securityetalii.es/2013/02/03/how-effective-is-aslr-on-linux-systems/
checksec.sh: How important is it that all libs and executables are PIE-compiled? Are 100% of the TVM PIE compliant?

https://www.blackhat.com/docs/asia-16/materials/asia-16-Marco-Gisbert-Exploiting-Linux-And-PaX-ASLRS-Weaknesses-On-32-And-64-Bit-Systems.pdf
Will ASLR-NG mitigate the ASLR weaknesses? The rerandomization should be fast enough or be able to detect some brute-force attacks.

There are other exploit strategies, which should be taken into account, so that the TVM is hard enough to resist the contact with the web (ebanking) - or is the QArchitecture addressing all of them? Heap-Spraying? Egg-Hunting? ROP? DEP? SEHOP? SafeSEH? Stack Cookies? SEH overflows? Stack overflows? Or others? It looks like there are many methods around to inject shellcode in some way...
https://www.corelan.be/index.php/2013/02/19/deps-precise-heap-spray-on-firefox-and-ie10/

Kind Regards
