On Sun, Feb 28, 2021 at 09:40:54AM -0500, Shawn Webb wrote:
> ... The point of ASLR is to combine it with W^X. Without W^X, ASLR makes
> no sense. FreeBSD recently gained a W^X implementation that requires
> opt-in. ...
I'm not plugged into the right places to catch some of these things up
On Sat, Feb 27, 2021 at 08:34:11PM -0800, Ihor Antonov wrote:
> >
> > But isn't it well-known that ASLR/ASR/any-related-buzzword does not add
> > any security, except imaginary? The only purpose of it is to have a
> > check-list item ticked green.
>
> I don't know if I should parse this as
On Sat, Feb 27, 2021 at 10:29:14PM -0700, Warner Losh wrote:
> On Sat, Feb 27, 2021 at 9:34 PM Ihor Antonov wrote:
>
> > >
> > > But isn't it well-known that ASLR/ASR/any-related-buzzword does not add
> > > any security, except imaginary? The only purpose of it is to have a
> > > check-list
> On 28. Feb 2021, at 13:27, dmilith . wrote:
>
> First of all - ASLR is designed as mitigation for external attacks,
> not internal ones (logged in user).
> Second - Linux and FreeBSD both have weak implementations in
> comparison to PAX-driven ones. Try attacking the system with
> Grsecurity
First of all - ASLR is designed as mitigation for external attacks,
not internal ones (logged in user).
Second - Linux and FreeBSD both have weak implementations in
comparison to PAX-driven ones. Try attacking the system with
Grsecurity or HardenedBSD (both use the strongest ASLR available
AFAIK).
On 2021-02-27 22:29, Warner Losh wrote:
> On Sat, Feb 27, 2021 at 9:34 PM Ihor Antonov wrote:
>
> > >
> > > But isn't it well-known that ASLR/ASR/any-related-buzzword does not add
> > > any security, except imaginary? The only purpose of it is to have a
> > > check-list item ticked green.
> >
>
On Sat, Feb 27, 2021 at 9:34 PM Ihor Antonov wrote:
> >
> > But isn't it well-known that ASLR/ASR/any-related-buzzword does not add
> > any security, except imaginary? The only purpose of it is to have a
> > check-list item ticked green.
>
> I don't know if I should parse this as sarcasm (or
>
> But isn't it well-known that ASLR/ASR/any-related-buzzword does not add
> any security, except imaginary? The only purpose of it is to have a
> check-list item ticked green.
I don't know if I should parse this as sarcasm (or any other form of
"humor") or is a serious statement? But this
On Fri, Feb 26, 2021 at 08:32:26PM +0100, Gordon Bergling wrote:
> On Fri, Feb 26, 2021 at 08:57:55PM +0200, Konstantin Belousov wrote:
> > On Fri, Feb 26, 2021 at 07:34:03PM +0100, Gordon Bergling wrote:
> > > On Thu, Feb 25, 2021 at 03:58:07PM -0500, Ed Maste wrote:
> > > > As of 9a227a2fd642
On Fri, Feb 26, 2021 at 08:57:55PM +0200, Konstantin Belousov wrote:
> On Fri, Feb 26, 2021 at 07:34:03PM +0100, Gordon Bergling wrote:
> > On Thu, Feb 25, 2021 at 03:58:07PM -0500, Ed Maste wrote:
> > > As of 9a227a2fd642 (main-n245052) base system binaries are now built
> > > as
On Fri, Feb 26, 2021 at 07:34:03PM +0100, Gordon Bergling wrote:
> On Thu, Feb 25, 2021 at 03:58:07PM -0500, Ed Maste wrote:
> > As of 9a227a2fd642 (main-n245052) base system binaries are now built
> > as position-independent executable (PIE) by default, for 64-bit
> > architectures. PIE
On Thu, Feb 25, 2021 at 03:58:07PM -0500, Ed Maste wrote:
> As of 9a227a2fd642 (main-n245052) base system binaries are now built
> as position-independent executable (PIE) by default, for 64-bit
> architectures. PIE executables are used in conjunction with address
> randomization as a mitigation
On Thu, Feb 25, 2021 at 09:22:43PM -0500, Ed Maste wrote:
> On Thu, 25 Feb 2021 at 19:23, John Kennedy wrote:
> >
> > Not sure if Ed Maste just wants to make sure that all the executables
> > are rebuilt as PIE (vs hit-and-miss) or there is a sneaker corner-case that
> > he knows about.
>
>
On 26 Feb 2021, at 03:22, Ed Maste wrote:
>
> On Thu, 25 Feb 2021 at 19:23, John Kennedy wrote:
>>
>> Not sure if Ed Maste just wants to make sure that all the executables
>> are rebuilt as PIE (vs hit-and-miss) or there is a sneaker corner-case that
>> he knows about.
>
> The issue is that
On Thursday, 25 February 2021 at 21:22:43 -0500, Ed Maste wrote:
> On Thu, 25 Feb 2021 at 19:23, John Kennedy wrote:
>>
>> Not sure if Ed Maste just wants to make sure that all the executables
>> are rebuilt as PIE (vs hit-and-miss) or there is a sneaker corner-case that
>> he knows about.
>
>
On Thu, 25 Feb 2021 at 19:23, John Kennedy wrote:
>
> Not sure if Ed Maste just wants to make sure that all the executables
> are rebuilt as PIE (vs hit-and-miss) or there is a sneaker corner-case that
> he knows about.
The issue is that without a clean build you may have some .o files
left
On Thu, 25 Feb 2021 at 18:10, Greg 'groggy' Lehey wrote:
>
> This detail worries me. How compatible are PIE executables with
> non-PIE executables? Can I run PIE executables on older systems? Can
> I run older executables on a PIE system?
There is no issue mixing PIE and non-PIE binaries,
On Fri, Feb 26, 2021 at 10:10:28AM +1100, Greg 'groggy' Lehey wrote:
> On Thursday, 25 February 2021 at 15:58:07 -0500, Ed Maste wrote:
> > As of 9a227a2fd642 (main-n245052) base system binaries are now built
> > as position-independent executable (PIE) by default, for 64-bit
> > architectures.
On Thursday, 25 February 2021 at 15:58:07 -0500, Ed Maste wrote:
> As of 9a227a2fd642 (main-n245052) base system binaries are now built
> as position-independent executable (PIE) by default, for 64-bit
> architectures. PIE executables are used in conjunction with address
> randomization as a
As of 9a227a2fd642 (main-n245052) base system binaries are now built
as position-independent executable (PIE) by default, for 64-bit
architectures. PIE executables are used in conjunction with address
randomization as a mitigation for certain types of security
vulnerabilities.
If you track