Re: [qubes-users] TVM ASLR-exploit-proof?
Hello,

Tails is also using ASLR security tech now...

https://fossbytes.com/tails-2-6-secure-linux-os-snowden-updated-tor-and-kernel/

Kind Regards

--
You received this message because you are subscribed to the Google Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7b310ec2-0b3a-48b3-831c-7e7c2902fd1c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] TVM ASLR-exploit-proof?
Hello Rudd-O,

here is an interesting concept: in some way they reach the RAM randomization by one central DLL (for Windows platforms only), but it works directly on the fly for all apps and libs!!!

http://www.morphisec.com/how-it-works/

Wow, not bad! This will be much more robust. And in parallel they keep the honeypot, to run the law enforcement procedures against intruders.

Here is a critical view on ASLR:

http://blog.morphisec.com/aslr-what-it-is-and-what-it-isnt/

But for sure, the randomization will need a good non-deterministic random generator and a fast random update sequence (in seconds) because 4 GB are quite endless...

Would it make sense to implement a similar fast non-deterministic randomization tech into Qubes to overcome some standard template vulnerabilities, with smart countermeasures?

Kind Regards
Re: [qubes-users] TVM ASLR-exploit-proof?
On 10/14/2016 01:26 PM, 917832409173409178324097 wrote:
> Hello,
>
> can ASLR tech help to build a hard template VM for Qubes?
>
> https://securityetalii.es/2013/02/03/how-effective-is-aslr-on-linux-systems/
>
> checksec.sh:
> How important is it that all libs and executables are PIE-compiled?
> Are 100% of the TVM PIE compliant?
>
> https://www.blackhat.com/docs/asia-16/materials/asia-16-Marco-Gisbert-Exploiting-Linux-And-PaX-ASLRS-Weaknesses-On-32-And-64-Bit-Systems.pdf
>
> Will ASLR-NG mitigate the ASLR weaknesses?
>
> The rerandomization should be fast enough or be able to detect some
> brute-force attacks.
>
> There are other exploit strategies which should be taken into account, so
> that the TVM is hard enough to resist the contact with the web (ebanking) -
> or is the Q-architecture addressing all of them?
>
> Heap spraying?
> Egg hunting?
> ROP?
> DEP?
> SEHOP?
> SafeSEH?
> Stack cookies?
> SEH overflows?
> Stack overflows?
>
> or others?
>
> It looks like there are many methods around to inject shellcode in some way...
>
> https://www.corelan.be/index.php/2013/02/19/deps-precise-heap-spray-on-firefox-and-ie10/
>
> Kind Regards
>

This would be really nice, but basically you're talking about hardening Fedora, so this should probably be done with upstreaming the work in mind. Perhaps we begin with a template on Qubes OS that we can use, and piece by piece, the modifications to that template can get upstreamed. Eventually the template will no longer be necessary.

--
Rudd-O
http://rudd-o.com/
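As an added example, not code from the thread, from Qubes or from checksec.sh: a POSIX shell check that answers the quoted PIE question by reading the ELF header of each executable directly, the same e_type test checksec.sh performs. The file names and the 18-byte sample headers are constructed so the functions can be tried without real binaries.

```sh
# Added example, not from the thread or from checksec.sh: read the ELF header
# directly to tell whether an executable was built as PIE (e_type == ET_DYN,
# value 3). A fixed-address ET_EXEC (value 2) binary loads at a constant base,
# so ASLR can randomize only its stack, heap and libraries, not the program.

# Print e_type as a decimal number, honouring the byte order declared in
# EI_DATA (offset 5: 1 = little-endian, 2 = big-endian).
# Returns 2 if the file is not an ELF object.
elf_type() {
    f=$1
    magic=$(od -An -tx1 -N4 "$f" | tr -d ' \n')
    [ "$magic" = "7f454c46" ] || return 2
    data=$(od -An -tu1 -j5 -N1 "$f" | tr -d ' \n')
    set -- $(od -An -tu1 -j16 -N2 "$f")
    [ -n "$2" ] || return 2        # truncated header
    if [ "$data" = "1" ]; then
        echo $(( $1 + 256 * $2 ))
    else
        echo $(( $1 * 256 + $2 ))
    fi
}

# Exit status: 0 = PIE (ET_DYN), 1 = fixed-address executable, 2 = not ELF.
# Shared libraries are always ET_DYN, so point this at /usr/bin, not /usr/lib.
is_pie() {
    t=$(elf_type "$1") || return 2
    [ "$t" = "3" ]
}

# Report every ELF file in a directory; usage: scan_dir /usr/bin
scan_dir() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        rc=0; is_pie "$f" || rc=$?
        case $rc in
            0) echo "PIE     $f" ;;
            1) echo "NO-PIE  $f" ;;
        esac
    done
}

# Constructed sample input: bare 18-byte ELF headers, enough for the
# check above, so the functions can be exercised without real binaries.
write_sample_headers() {
    printf '\177ELF\002\001\001\000\000\000\000\000\000\000\000\000\003\000' > "$1/pie.elf"
    printf '\177ELF\002\001\001\000\000\000\000\000\000\000\000\000\002\000' > "$1/nopie.elf"
    printf '\177ELF\002\002\001\000\000\000\000\000\000\000\000\000\000\003' > "$1/be_pie.elf"
    printf 'not an ELF file\n' > "$1/notelf.txt"
}
```

Running `scan_dir /usr/bin` inside a template lists which executables would still load at a fixed address under ASLR; `cat /proc/sys/kernel/randomize_va_space` (2 expected) confirms the kernel side is on.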