Re: kernel aslr: someone interested?

2017-06-17 Thread Kamil Rytarowski
On 17.06.2017 12:25, Maxime Villard wrote: > On 23/03/2017 at 18:30, Maxime Villard wrote: >> I have some plans to implement kernel aslr on amd64. Actually, a few months ago I wrote a set of patches for the bootloader and the kernel, and also a complete kernel relocator. As far as I can

Re: kernel aslr: someone interested?

2017-06-17 Thread Maxime Villard
On 23/03/2017 at 18:30, Maxime Villard wrote: I have some plans to implement kernel aslr on amd64. Actually, a few months ago I wrote a set of patches for the bootloader and the kernel, and also a complete kernel relocator. As far as I can test, everything works correctly and reliably; the whole

Re: kernel aslr: someone interested?

2017-03-26 Thread John Nemeth
On Mar 25, 10:17pm, Mouse wrote: } } > [ASLR] is just one more check mark in the exploit building tool. } } Yes and no. } } It increases the work required to exploit any putative bugs. It does } not make exploitation impossible, but that does not mean it's not worth } making it harder. "You

Re: kernel aslr: someone interested?

2017-03-25 Thread Joerg Sonnenberger
On Sat, Mar 25, 2017 at 10:17:21PM -0400, Mouse wrote: > > [ASLR] is just one more check mark in the exploit building tool. > > Yes and no. > > It increases the work required to exploit any putative bugs. Please read the constraints again. There are very few RCE against the kernels. The normal

Re: kernel aslr: someone interested?

2017-03-25 Thread Mouse
> [ASLR] is just one more check mark in the exploit building tool. Yes and no. It increases the work required to exploit any putative bugs. It does not make exploitation impossible, but that does not mean it's not worth making it harder. "You don't have to run faster than the bear; you just

Re: kernel aslr: someone interested?

2017-03-25 Thread Christos Zoulas
In article , Greg Troxel wrote: > > >Maxime Villard writes: > >> I would also add - even if it is not a relevant argument - that most >> "commonly-used" operating systems do have kernel aslr: Windows, Mac, Linux,

Re: kernel aslr: someone interested?

2017-03-25 Thread Joerg Sonnenberger
On Sat, Mar 25, 2017 at 11:22:24AM -0400, Thor Lancelot Simon wrote: > ASLR increases the work factor for that stuff considerably (though there > are obvious approaches if you can zap the early boot code to wire down > the "randomization" so it isn't, etc). I strongly contend this point in the

Re: kernel aslr: someone interested?

2017-03-25 Thread Maxime Villard
On 25/03/2017 at 13:35, Joerg Sonnenberger wrote: I don't think *any* of the cache latency problems have been fixed at all. Yes, they haven't been fixed yet, but are being. I remember reading that AMD was working on fixing that - I'll have to refind the article though. They are highly

Re: kernel aslr: someone interested?

2017-03-25 Thread Maxime Villard
On 25/03/2017 at 08:25, Martin Husemann wrote: On Fri, Mar 24, 2017 at 11:13:34PM +0100, Joerg Sonnenberger wrote: For what purpose? It has been shown over and over again that ASLR simply doesn't work in a lot of situations in userland. The situation for kernel ASLR is significantly worse.

Re: kernel aslr: someone interested?

2017-03-25 Thread Thor Lancelot Simon
On Sat, Mar 25, 2017 at 09:20:14AM +0100, Maxime Villard wrote: > > Verily, 5-level page trees with higher entropy will be introduced by Intel > soon, the instructions that leak kernel addresses can be made privileged > (UMIP), cache issues are being fixed; and in short, I wouldn't be surprised >

Re: kernel aslr: someone interested?

2017-03-25 Thread Joerg Sonnenberger
On Sat, Mar 25, 2017 at 09:20:14AM +0100, Maxime Villard wrote: > On 24/03/2017 at 23:13, Joerg Sonnenberger wrote: > > On Thu, Mar 23, 2017 at 06:30:31PM +0100, Maxime Villard wrote: > > > I have some plans to implement kernel aslr on amd64. > > > > For what purpose? It has been shown over and

Re: kernel aslr: someone interested?

2017-03-25 Thread Greg Troxel
Maxime Villard writes: > I would also add - even if it is not a relevant argument - that most > "commonly-used" operating systems do have kernel aslr: Windows, Mac, Linux, > etc. There's another point, which various people may also consider invalid :-) In the US, there's a

Re: kernel aslr: someone interested?

2017-03-25 Thread Maxime Villard
On 24/03/2017 at 23:13, Joerg Sonnenberger wrote: On Thu, Mar 23, 2017 at 06:30:31PM +0100, Maxime Villard wrote: I have some plans to implement kernel aslr on amd64. For what purpose? It has been shown over and over again that ASLR simply doesn't work in a lot of situations in userland.

Re: kernel aslr: someone interested?

2017-03-25 Thread Martin Husemann
On Fri, Mar 24, 2017 at 11:13:34PM +0100, Joerg Sonnenberger wrote: > For what purpose? It has been shown over and over again that ASLR simply > doesn't work in a lot of situations in userland. The situation for > kernel ASLR is significantly worse. From a security standpoint, it > doesn't seem to

Re: kernel aslr: someone interested?

2017-03-24 Thread Joerg Sonnenberger
On Thu, Mar 23, 2017 at 06:30:31PM +0100, Maxime Villard wrote: > I have some plans to implement kernel aslr on amd64. For what purpose? It has been shown over and over again that ASLR simply doesn't work in a lot of situations in userland. The situation for kernel ASLR is significantly worse.

kernel aslr: someone interested?

2017-03-23 Thread Maxime Villard
I have some plans to implement kernel aslr on amd64. Actually, a few months ago I wrote a set of patches for the bootloader and the kernel, and also a complete kernel relocator. As far as I can test, everything works correctly and reliably; the whole implementation can relocate and jump into a PIE