> > There are multiple issues with the way randomization of the stack is done
> > on OpenBSD 5.6, most of which I think could be fixed without
> > significant trouble.
These issues from the previous discussion have largely been improved
by Mark Kettenis.
There are a few more parts to push, but it is
On Wed, Jan 14, 2015 at 5:52 PM, Theo de Raadt wrote:
> And what breaks?
>
> Did you do an assessment?
>
> Hypothetically, if we do this and it improves security but breaks
> mplayer or firefox and people are forced to run some other system
> instead, is it then a security improvement?
Indeed.
On Wed, Jan 14, 2015 at 5:52 PM, Theo de Raadt wrote:
>> > By the time an attacker has the control to search down, he surely
>> > already is capable of doing something other things. "Searching"
>> > almost certainly implies he is executing or ROP'ing.
>>
>> This is perhaps just me coming from the
On Wed, Jan 14, 2015 at 15:44, Mathias Svensson wrote:
>
> - The ps_struct structure is placed at a known address and contains
> pointers to the stack.
> - The entire region from the stack to USRSTACK is mapped, meaning that
> an attacker with the capability to repeatedly leak from a chosen
> addr
> > By the time an attacker has the control to search down, he surely
> > already is capable of doing something other things. "Searching"
> > almost certainly implies he is executing or ROP'ing.
>
> This is perhaps just me coming from the security CTF community where
> binaries are a bit contrive
On Wed, Jan 14, 2015 at 4:51 PM, Theo de Raadt wrote:
>> There are multiple issues with the way randomization of the stack is
>> done on OpenBSD 5.6, most of which I think could be fixed without
>> significant trouble.
>
> This could be improved, because a sysctl is used to find the ps info
> block.
> On Wed, Jan 14, 2015 at 3:44 PM, Mathias Svensson wrote:
> > Calls to malloc or mmap seem to be chosen randomly among 2 ** 20
> > pages placed at a constant offset above the base of the binary.
> > While none of these numbers are great (25 bits to base address with
> > no knowledge, 20 bits if k
On Wed, Jan 14, 2015 at 3:44 PM, Mathias Svensson wrote:
> Calls to malloc or mmap seem to be chosen randomly among 2 ** 20
> pages placed at a constant offset above the base of the binary.
> While none of these numbers are great (25 bits to base address with
> no knowledge, 20 bits if knowing ano
> There are multiple issues with the way randomization of the stack is done
> on OpenBSD 5.6, most of which I think could be fixed without
> significant trouble.
This could be improved, because a sysctl is used to find the ps info block.
It is currently the same for all processes. It could be made differ
Hello,
I am sorry if this is the wrong mailing list to send to. I was
directed here by __gilles on #opensmtpd @ Freenode.
There are multiple issues with the way randomization of the stack is done
on OpenBSD 5.6, most of which I think could be fixed without
significant trouble.
It seems like the issu