** Description changed:

Currently there's the blueprint for 64-bit PIE by default. I think this is a good goal because there are almost no performance penalties, but it will be a lot of work.
https://blueprints.launchpad.net/ubuntu/+spec/64bit-pie-by-default/

Also a bug relating to PIE binaries: #139435.

My proposal is that in the meantime the more risky binaries should be PIE, at least on 64-bit. Using the ssh package as a guide, it's a pretty easy combination of -fpie in the CFLAGS and -pie in the LDFLAGS. Then with all modern versions of the Linux kernel the executable's address will be randomized.

Example of PIE 1:
r...@siti-desktop:~# cat /proc/$(pidof sshd)/maps | grep /usr/sbin/sshd
7f1f290a1000-7f1f2910b000 r-xp 00000000 08:15 5450407 /usr/sbin/sshd
7f1f2930a000-7f1f2930c000 r--p 00069000 08:15 5450407 /usr/sbin/sshd
7f1f2930c000-7f1f2930e000 rw-p 0006b000 08:15 5450407 /usr/sbin/sshd

Example 2:
r...@siti-desktop:~# cat /proc/$(pidof sshd)/maps | grep /usr/sbin/sshd
7f5437c9c000-7f5437d06000 r-xp 00000000 08:15 5450407 /usr/sbin/sshd
7f5437f05000-7f5437f07000 r--p 00069000 08:15 5450407 /usr/sbin/sshd
7f5437f07000-7f5437f09000 rw-p 0006b000 08:15 5450407 /usr/sbin/sshd

The combination of NX, randomized DLLs, stack, heap, and other maps, SSP, and -D_FORTIFY_SOURCE makes exploitation of memory corruption vulnerabilities extremely difficult. The only attack vectors left, as far as I am aware, are:
* Information leakage (reasonably well fixed via protecting maps in /proc)
* JITs (Java, Mono etc., Firefox 3.1; not much we can do here)
* Using code in the executable out of order (solvable by compiling with PIE).
+ * VSyscall not being randomized.

The last is the easiest to fix and something Ubuntu should do on the riskier binaries. A suggested list of packages that should have PIE support added:
* Firefox (a very large piece of software that has had a large number of vulnerabilities in the past and will probably continue to have more)
* OpenOffice (possibly the largest single piece of software in Ubuntu)
* Evince (has had POC exploits in the past)
* Totem (supports a large number of media formats using various libraries that have had vulnerabilities)
* MySQL (a number of exploits in the past; from reading the changelogs, PIE caused regressions)
* PostgreSQL (I presume it's got similar issues to MySQL)
* Xorg-server (running as root; this might be a challenge, I don't know...)
* Snort
* Apache (already done)
* Samba (already done)
* openssh (already done)

Many of these suggestions are client side, but this is where a lot of the attacks have been occurring on Windows. Ubuntu should be preemptive :-).

Over the next few days I hope to attach patches for at least the less complex pieces of software to enable PIE. Hopefully they can be enabled in Karmic Koala :-).
-- 
PIE Randomization on more risky binaries
https://bugs.launchpad.net/bugs/356291
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
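The report above relies on two checks: that a package was actually built with -fpie/-pie, and that the resulting executable's load address moves from run to run. The following script is an added example (not from the bug report, the OpenSSH package or any Ubuntu tooling) that automates both. It classifies an ELF image by its e_type (ET_EXEC means a fixed load address, ET_DYN means relocatable, which is what -pie produces; note that shared libraries are also ET_DYN, so the file check only says "relocatable", not "is an executable"), and it parses /proc/<pid>/maps captures to see whether the base of a given file changed between runs. The two sshd captures are copied from the report; the /usr/bin/fixed captures and the 18-byte ELF headers are constructed test inputs. check_self() is only meaningful on Linux and additionally assumes /proc/sys/kernel/randomize_va_space is non-zero, since a PIE binary with ASLR disabled still lands at the same address every time.

```python
"""Check whether a binary is built as PIE and whether its load address
actually moves between runs, by reading the ELF header and /proc/<pid>/maps.
Example code added to this bug thread; not part of any Ubuntu package."""
import os
import re
import struct
from collections import namedtuple

# ELF e_type values from the ELF specification.
ET_EXEC = 2   # fixed-address executable: mapped at the address written in its headers
ET_DYN = 3    # position-independent: shared object or PIE executable, relocated at load


def elf_type(header):
    """Classify an ELF image from its first 18 bytes: 'EXEC', 'DYN' or 'OTHER'."""
    if len(header) < 18 or header[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    endian = "<" if header[5] == 1 else ">"   # EI_DATA: 1 = little-endian, 2 = big-endian
    # e_type is at offset 16 in both ELF32 and ELF64 headers.
    (e_type,) = struct.unpack_from(endian + "H", header, 16)
    return {ET_EXEC: "EXEC", ET_DYN: "DYN"}.get(e_type, "OTHER")


def is_pie_file(path):
    """True if the file is ET_DYN, i.e. linked with -pie (a shared library also qualifies)."""
    with open(path, "rb") as f:
        return elf_type(f.read(18)) == "DYN"


Mapping = namedtuple("Mapping", "start end perms offset path")
# /proc/<pid>/maps: start-end perms offset dev inode [path]
_MAPS_LINE = re.compile(
    r"^([0-9a-f]+)-([0-9a-f]+)\s+(\S{4})\s+([0-9a-f]+)\s+\S+\s+\d+\s*(.*)$")


def parse_maps(text):
    """Parse /proc/<pid>/maps text into Mapping records; unparseable lines are skipped."""
    out = []
    for line in text.splitlines():
        m = _MAPS_LINE.match(line.strip())
        if m:
            out.append(Mapping(int(m.group(1), 16), int(m.group(2), 16),
                               m.group(3), int(m.group(4), 16), m.group(5)))
    return out


def image_base(maps, path):
    """Load address of `path`: the lowest mapping of that file whose file offset is 0."""
    starts = [m.start for m in maps if m.path == path and m.offset == 0]
    return min(starts) if starts else None


def randomized(runs, path):
    """Given maps captures from several runs of one program, report whether its base moved.
    Two differing captures demonstrate randomization; agreeing captures prove nothing."""
    bases = {image_base(parse_maps(r), path) for r in runs}
    return None not in bases and len(bases) > 1


def check_self():
    """On Linux, report whether the running interpreter is PIE and where it landed this run."""
    if not os.path.exists("/proc/self/maps"):
        return None
    exe = os.readlink("/proc/self/exe")
    with open("/proc/self/maps") as f:
        maps = parse_maps(f.read())
    return {"exe": exe, "pie": is_pie_file(exe), "base": image_base(maps, exe)}


# The two sshd captures from the bug report above, one per run.
SSHD_RUN1 = """\
7f1f290a1000-7f1f2910b000 r-xp 00000000 08:15 5450407 /usr/sbin/sshd
7f1f2930a000-7f1f2930c000 r--p 00069000 08:15 5450407 /usr/sbin/sshd
7f1f2930c000-7f1f2930e000 rw-p 0006b000 08:15 5450407 /usr/sbin/sshd
"""
SSHD_RUN2 = """\
7f5437c9c000-7f5437d06000 r-xp 00000000 08:15 5450407 /usr/sbin/sshd
7f5437f05000-7f5437f07000 r--p 00069000 08:15 5450407 /usr/sbin/sshd
7f5437f07000-7f5437f09000 rw-p 0006b000 08:15 5450407 /usr/sbin/sshd
"""
# Constructed counter-example: a non-PIE (ET_EXEC) x86-64 binary lands at 0x400000 every run.
FIXED_RUN = """\
00400000-00401000 r-xp 00000000 08:01 12345 /usr/bin/fixed
00600000-00601000 rw-p 00001000 08:01 12345 /usr/bin/fixed
"""


def constructed_elf_header(e_type):
    """Constructed 18-byte ELF64 little-endian header prefix with only the fields elf_type() reads."""
    return b"\x7fELF" + bytes([2, 1, 1]) + b"\0" * 9 + struct.pack("<H", e_type)


if __name__ == "__main__":
    print("sshd base moved between captures:", randomized([SSHD_RUN1, SSHD_RUN2], "/usr/sbin/sshd"))
    print("fixed binary base moved:", randomized([FIXED_RUN, FIXED_RUN], "/usr/bin/fixed"))
    print("this interpreter:", check_self())
```

To apply it to a package built with the flags the report describes (CFLAGS containing -fpie, LDFLAGS containing -pie), run is_pie_file() on the installed binary, then start the program twice, save each /proc/<pid>/maps, and feed the two captures to randomized(). readelf -h gives the same e_type answer ("Type: DYN (Shared object file)" for a PIE); the maps comparison is what confirms the kernel is actually relocating it.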