Hello,

Can ASLR tech help to build a hard template VM for Qubes?

https://securityetalii.es/2013/02/03/how-effective-is-aslr-on-linux-systems/

checksec.sh:
How important is it that all libs and executables are PIE-compiled?
Are 100% of the TVM PIE compliant?

https://www.blackhat.com/docs/asia-16/materials/asia-16-Marco-Gisbert-Exploiting-Linux-And-PaX-ASLRS-Weaknesses-On-32-And-64-Bit-Systems.pdf

Will ASLR-NG mitigate the ASLR-weaknesses?

The rerandomization should be fast enough or be able to detect some brute-force 
attacks.

There are other exploit strategies which should be taken into account, so that
the TVM is hard enough to resist the contact with the web (e-banking) - or is the
Qubes architecture addressing all of them?

Heap-Spraying?
Egg-Hunting?
ROP?
DEP?
SEHOP?
SafeSEH?
Stack cookies?
SEH overflows?
stack overflows?

or others?

It looks like there are many methods around to inject shellcode in some way...

https://www.corelan.be/index.php/2013/02/19/deps-precise-heap-spray-on-firefox-and-ie10/

Kind Regards
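As an added example for the checksec.sh / PIE question above (not part of the original post and not code from the Qubes project), the script below does the core check that checksec.sh performs for PIE: it reads the ELF header of each file and reports anything whose e_type is ET_EXEC (a fixed-address executable that ASLR cannot relocate). ET_DYN covers both PIE executables and shared libraries, which is the state you want for everything in a template VM. The sample headers are constructed in-script so the demo runs offline; the scan target paths are an assumption you would replace with the template's /usr/bin, /usr/lib and similar.

```python
"""Find non-PIE (ET_EXEC) ELF binaries, the check checksec.sh makes for PIE."""
import os
import struct
import sys
import tempfile

ELF_MAGIC = b"\x7fELF"
ET_EXEC, ET_DYN = 2, 3          # e_type values from the ELF specification


def elf_type(data: bytes):
    """Classify the first bytes of a file.

    Returns 'EXEC' (fixed address, no PIE), 'DYN' (PIE executable or shared
    library), 'other' (relocatable object, core file, ...) or None if the
    data is not an ELF header at all.
    """
    if len(data) < 20 or data[:4] != ELF_MAGIC:
        return None
    # EI_DATA at offset 5: 1 = little-endian, 2 = big-endian; e_type is a
    # 16-bit field at offset 16 and must be decoded in the file's byte order.
    endian = "<" if data[5] == 1 else ">"
    (e_type,) = struct.unpack_from(endian + "H", data, 16)
    return {ET_EXEC: "EXEC", ET_DYN: "DYN"}.get(e_type, "other")


def make_header(e_type: int, little: bool = True) -> bytes:
    """Construct a minimal 64-bit ELF header (sample data, not a real binary)."""
    endian = "<" if little else ">"
    e_ident = ELF_MAGIC + bytes([2, 1 if little else 2, 1]) + bytes(9)  # 16 bytes
    # e_type, e_machine (0x3E = x86-64), e_version; pad the rest of the 64-byte header
    return e_ident + struct.pack(endian + "HHI", e_type, 0x3E, 1) + bytes(64 - 24)


def scan(paths):
    """Walk the given directories and return the paths of ET_EXEC binaries.

    Symlinks are skipped so a file is reported once, under its real path.
    """
    findings = []
    for root in paths:
        for dirpath, _, files in os.walk(root):
            for name in files:
                path = os.path.join(dirpath, name)
                if os.path.islink(path) or not os.path.isfile(path):
                    continue
                try:
                    with open(path, "rb") as f:
                        kind = elf_type(f.read(64))
                except OSError:
                    continue                # unreadable file: not our concern here
                if kind == "EXEC":
                    findings.append(path)
    return sorted(findings)


def self_check():
    """Build a throwaway tree with one EXEC and one DYN file and scan it.

    Returns the basenames of the files flagged as non-PIE.
    """
    with tempfile.TemporaryDirectory() as tmp:
        with open(os.path.join(tmp, "legacy_tool"), "wb") as f:
            f.write(make_header(ET_EXEC))          # constructed: non-PIE
        with open(os.path.join(tmp, "libgood.so"), "wb") as f:
            f.write(make_header(ET_DYN))           # constructed: position-independent
        with open(os.path.join(tmp, "notes.txt"), "wb") as f:
            f.write(b"plain text, not ELF")
        return [os.path.basename(p) for p in scan([tmp])]


if __name__ == "__main__":
    # Assumed usage: python pie_scan.py /usr/bin /usr/lib   (paths are an example)
    targets = sys.argv[1:]
    if not targets:
        print("demo run on constructed files:", self_check())
    else:
        for path in scan(targets):
            print("NO PIE:", path)
```

Run it inside the template VM against its binary and library directories; every line it prints is a fixed-address binary that ASLR cannot move, which is the per-file fact behind the "100% PIE" question. readelf -h on any flagged file shows the same "Type: EXEC" field the script decodes.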
