On 25 Mar 2013 at 22:35, Kfir Lavi wrote:

> Thanks for sharing this talk. I didn't know that the program image in
> Linux is not randomized by ASLR.

well, that's not quite true these days, even vanilla has logic to
randomize the main executable - provided it's a PIE. it of course
depends on the distros to provide PIEs for some/most of the programs
they distribute, which is where the main difference is between say
hardened gentoo and regular mainstream distros (the other difference
is the amount of randomization due to PaX).

> What I understand from this talk: I can probably take a lot of code
> out of glibc, but it will never be less than 20K, which lets an attacker
> that is able to jump to glibc construct his ROP program.

exactly.

> As I don't have much experience in security, my question would be: Can
> we deploy another mechanism to fight this ROP program building from
> the program image?

as i said above, PIE is one approach if we ignore infoleaking bugs
that make all randomization based solutions fail. the real solution
is some form of control flow enforcement but as far as i know,
nobody proposed (let alone produced) a sufficiently well performing
and easy-to-deploy idea so far. this is a very hot research topic,
both in academia and industry, just look up microsoft's bluehat prize
a year or so ago.
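A defender-side check for the point above about distros shipping PIEs, added here as an example and not part of the thread or of PaX: it parses the ELF header to tell a fixed-address executable (ET_EXEC, which the kernel cannot relocate) from a PIE (ET_DYN plus a PT_INTERP program header). The sample images are constructed minimal headers, not real binaries; pass file paths on the command line to check real ones.

```python
import struct

ET_EXEC, ET_DYN, PT_INTERP = 2, 3, 3

def classify_elf(data: bytes) -> str:
    """Return 'EXEC' (fixed load address, not moved by ASLR), 'PIE'
    (ET_DYN with a PT_INTERP entry, i.e. an executable the kernel can
    randomize), 'SHARED' (ET_DYN without interpreter) or 'OTHER'."""
    if len(data) < 52 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    is64 = data[4] == 2                  # EI_CLASS: 1 = ELF32, 2 = ELF64
    en = "<" if data[5] == 1 else ">"    # EI_DATA: 1 = LSB, 2 = MSB
    e_type, = struct.unpack(en + "H", data[16:18])
    if e_type == ET_EXEC:
        return "EXEC"
    if e_type != ET_DYN:
        return "OTHER"
    # ET_DYN covers both shared libraries and PIE executables; only an
    # executable carries a PT_INTERP program header naming the dynamic loader.
    if is64:
        phoff, = struct.unpack(en + "Q", data[32:40])
        phentsize, phnum = struct.unpack(en + "HH", data[54:58])
    else:
        phoff, = struct.unpack(en + "I", data[28:32])
        phentsize, phnum = struct.unpack(en + "HH", data[42:46])
    for i in range(phnum):
        off = phoff + i * phentsize
        p_type, = struct.unpack(en + "I", data[off:off + 4])
        if p_type == PT_INTERP:
            return "PIE"
    return "SHARED"

def make_elf64(e_type: int, with_interp: bool) -> bytes:
    """Constructed sample: minimal LE x86-64 ELF header (+ optional PT_INTERP)."""
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)
    phnum = 1 if with_interp else 0
    hdr = ident + struct.pack("<HHIQQQIHHHHHH", e_type, 62, 1, 0x1000,
                              64, 0, 0, 64, 56, phnum, 64, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_INTERP, 4, 0, 0, 0, 0, 0, 1)
    return hdr + (phdr if with_interp else b"")

if __name__ == "__main__":
    import sys
    samples = {"exec": make_elf64(ET_EXEC, True), "pie": make_elf64(ET_DYN, True),
               "so": make_elf64(ET_DYN, False)}
    for name, img in samples.items():
        print(name, "->", classify_elf(img))
    for path in sys.argv[1:]:                 # e.g. /bin/ls on a real system
        with open(path, "rb") as f:
            print(path, "->", classify_elf(f.read()))
```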