I'm just thinking aloud here...
So as long as hardened gcc is used to compile the code, it makes the
exploitation harder compared to distros not pushing PIE as much. I think
other distros have also acknowledged the importance of PIE in the meantime:
https://wiki.ubuntu.com/Security/Features#Built_as_PIE
http://wiki.debian.org/Hardening#gcc_-pie_-fPIE
For a userland like that, binaries compiled without the hardened toolchain
are the easiest to exploit: binary packages, third-party binaries,
closed-source binaries. Such software usually consists of important
executables way over 20k.

I wonder how these ROP techniques can theoretically perform in a Java
virtual machine? What are the possible target vectors for Python or Ruby?
What about JIT code?
-- 
dr Tóth Attila, Radiológus, 06-20-825-8057
Attila Toth MD, Radiologist, +36-20-825-8057

On 26 March 2013 (Tue) at 10:18, Javier Juan Martínez Cabezón wrote:
> PIE is used in hardened Gentoo. If PIE can't protect you against this,
> SSP at least could try to do it; this is the reason why
> -fstack-protector-all and -D_FORTIFY_SOURCE=2 are needed, and at least
> -fstack-protector-all is really extended in hardened Gentoo, as
> another security layer.
>
> 2013/3/25, "Tóth Attila" <[email protected]>:
>> Is gentoo-hardened better regarding the amount of unrandomized code
>> compared to other distros?
>> --
>> dr Tóth Attila, Radiológus, 06-20-825-8057
>> Attila Toth MD, Radiologist, +36-20-825-8057
>>
>> On 25 March 2013 (Mon) at 13:52, PaX Team wrote:
>>> On 25 Mar 2013 at 9:01, Kfir Lavi wrote:
>>>
>>>> Hi,
>>>> I'm looking for a way to reduce glibc code size.
>>>> It can be a way to make system smaller and minimize the impact
>>>> of attack vectors in glibc, as in return-to-libc attack.
>>>
>>> study this and draw your conclusions whether the whole exercise is
>>> worth it or not:
>>>
>>> https://www.usenix.org/conference/usenix-security-11/q-exploit-hardening-made-easy
>>>
>>>
>>
>>
>>
>>
>
>
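The thread turns on whether a given executable was actually built with the hardened toolchain (PIE, non-executable stack, RELRO). The following is an added example, not code from the thread or from the Gentoo hardened project: a small ELF64 program-header inspector that reports those three properties for a binary, plus a constructed "hardened" and "legacy" sample image so it runs offline. PIE detection uses the ET_DYN + PT_INTERP heuristic (static PIE, which has no PT_INTERP, is not recognised); stack-protector and FORTIFY checks need the symbol table and are not covered here. The function and constant names are this example's own.

```python
# Added example (not from the thread): inspect an ELF64 image's program
# headers for the hardening properties discussed above (PIE, NX stack, RELRO).
import struct
from dataclasses import dataclass

# ELF constants from the ELF specification and the GNU ABI extensions.
ET_EXEC, ET_DYN = 2, 3
PT_INTERP = 3
PT_GNU_STACK = 0x6474E551
PT_GNU_RELRO = 0x6474E552
PF_X, PF_W, PF_R = 0x1, 0x2, 0x4


@dataclass
class HardeningReport:
    elf_type: int
    has_interp: bool
    nx: bool
    relro: bool

    @property
    def pie(self) -> bool:
        # ET_DYN alone also covers shared libraries; a PT_INTERP entry marks a
        # dynamically linked executable, so ET_DYN + PT_INTERP is a PIE binary.
        # Static PIE has no PT_INTERP and is not recognised by this heuristic.
        return self.elf_type == ET_DYN and self.has_interp


def inspect_elf64(data: bytes) -> HardeningReport:
    """Parse the ELF header and program headers of a little-endian ELF64 image."""
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("not a little-endian ELF64 image")
    e_type = struct.unpack_from("<H", data, 16)[0]
    e_phoff = struct.unpack_from("<Q", data, 32)[0]
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)
    has_interp = relro = False
    # No PT_GNU_STACK at all: treat the stack as executable (conservative reading).
    nx = False
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        p_type, p_flags = struct.unpack_from("<II", data, off)
        if p_type == PT_INTERP:
            has_interp = True
        elif p_type == PT_GNU_STACK:
            nx = not (p_flags & PF_X)
        elif p_type == PT_GNU_RELRO:
            relro = True
    return HardeningReport(e_type, has_interp, nx, relro)


def inspect_file(path: str) -> HardeningReport:
    """Inspect a real binary on disk (e.g. a third-party closed-source executable)."""
    with open(path, "rb") as f:
        return inspect_elf64(f.read())


def build_elf64(e_type: int, phdrs: list) -> bytes:
    """Construct a minimal ELF64 image (header + program headers only) for testing."""
    header = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)  # e_ident: ELF64, LE, v1
    # e_type, e_machine(x86-64), e_version, e_entry, e_phoff, e_shoff, e_flags,
    # e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx
    header += struct.pack("<HHIQQQIHHHHHH", e_type, 62, 1, 0x1000, 64, 0, 0,
                          64, 56, len(phdrs), 64, 0, 0)
    body = b"".join(struct.pack("<IIQQQQQQ", t, f, 0, 0, 0, 0, 0, 0x10)
                    for t, f in phdrs)
    return header + body


# Constructed sample images (not real binaries).
HARDENED_SAMPLE = build_elf64(ET_DYN, [(PT_INTERP, PF_R),
                                       (PT_GNU_STACK, PF_R | PF_W),
                                       (PT_GNU_RELRO, PF_R)])
LEGACY_SAMPLE = build_elf64(ET_EXEC, [(PT_INTERP, PF_R),
                                      (PT_GNU_STACK, PF_R | PF_W | PF_X)])


def summarize(report: HardeningReport) -> str:
    return "PIE=%s NX=%s RELRO=%s" % (report.pie, report.nx, report.relro)


if __name__ == "__main__":
    import sys
    for name, img in (("hardened-sample", HARDENED_SAMPLE), ("legacy-sample", LEGACY_SAMPLE)):
        print(name, summarize(inspect_elf64(img)))
    for path in sys.argv[1:]:  # any real ELF64 binaries given on the command line
        print(path, summarize(inspect_file(path)))
```

Run it with no arguments to see the two constructed samples, or pass paths to real binaries; an ET_EXEC result on a large third-party executable is exactly the unrandomized code the thread is worried about.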