From: Jason Markley (ggsg) <jamarkle@ggsg.cisco.com>
To: u-boot@lists.denx.de
Subject: [U-Boot] Does U-boot support ASLR?
Date: Fri, 10 Feb 2012 08:47:08 -0500
Message-ID: <4F351FDC.5010000@ggsg.cisco.com>
In-Reply-To: <20120210070729.47C4F14BC602@gemini.denx.de>
On 2/10/12 2:07 AM, Wolfgang Denk wrote:
> Dear Jason,
>
> please keep the ML on Cc:
>
> In message <4F33E93E.5070804@ggsg.cisco.com> you wrote:
>> Do you happen to have a reference to that presentation? I'm very
>> interested, as I thought ASLR was in place to make it harder. I've done
>> a weak google search but haven't turned up anything.
> I'm sorry - I already searched when I wrote my first reply, but I
> didn't save the link when I read this. I am pretty much sure that it
> was in an article posted on http://www.heise.de/newsticker/ (and that
> it was in German language), but then it's likely that a similar
> article has been posted to http://www.h-online.com/ .
>
> I can find a few articles that talk about ways to outsmart ASLR, for
> example
> http://www.h-online.com/security/features/Return-of-the-sprayer-exploits-to-beat-DEP-and-ASLR-1171463.html
> but none of the ones I checked contained the statement I quoted (that
> ASLR actually makes it easier for crackers), or I didn't find it.
>
>
> Yes, the idea behind ASLR was to make breaking into systems harder,
> and it does so for conventional attack methods. But breaking into
> systems is an art, and each new protection mechanism will attract
> forces to break them. In the end, you have to ask yourself if the
> effort for a protection mechanism is worth the increase of security it
> gives you.
>
> As others have pointed out, U-Boot (while running in interactive mode)
> is pretty much open for unlimited access anyway, so what is there to
> protect?
>
> And in production mode, U-Boot will just load and start some OS,
> and will be gone within a few milliseconds - if configured correctly,
> with little chances for break in.

Again, what about the U-boot API feature? I want to use the API
feature, and have U-boot 'stick around' for more than 'a few
milliseconds' as you put it. In production mode, when using the API
feature, I think ASLR has some merit.

-Jason

>
> Unless you attach a JTAG debugger - but then you are p0wned anyway.
>
>
> Best regards,
>
> Wolfgang Denk
>