From: Jason Markley (ggsg) <jamarkle@ggsg.cisco.com>
To: u-boot@lists.denx.de
Subject: [U-Boot] Does U-boot support ASLR?
Date: Thu, 09 Feb 2012 15:54:01 -0500
Message-ID: <4F343269.3000901@ggsg.cisco.com>
In-Reply-To: <201202091534.03746.vapier@gentoo.org>
On 2/9/12 3:34 PM, Mike Frysinger wrote:
> On Thursday 09 February 2012 15:06:48 Scott Wood wrote:
>> As for tftpload not having length bounds, that's the kind of thing that
>> anyone trying to put together a secure loader would want to fix
>> (assuming they're using tftpload in the first place)
> which is my point -- u-boot is so completely open, throwing ASLR in there
> makes no sense. there are plenty of ways to break the system.
There are plenty of ways to break any system. Isn't the whole idea of
security that you simply make it harder for particular attack vectors to
be fruitful? You're not going to be able to prevent EVERY attack, so
should we just not bother with security at all?
>
>> but if such a hole
>> gets through, perhaps ASLR might make it more difficult to use that
>> length overrun to take control of the system (versus simply crash it).
> if you can overwrite any of u-boot, then i doubt this is that hard. this is
> what NOP slides are very good at.
>
>>>> It probably doesn't make sense as default behavior, but I could see it
>>>> being useful in some situations.
>>> such as ?
>> When you can solve issues such as entropy generation, and are limiting
>> external exposure to interfaces that should be secure (but might have
>> bugs). I can especially see people wanting this who are using hardware
>> secure boot mechanisms (i.e. U-Boot itself was cryptographically verified).
> this isn't an example of how ASLR would be useful
Isn't ASLR useful in the sense that it does what ASLR was created to
do? Make it 'harder' (not impossible, but another layer of difficulty)
for attacking code to determine where particular code lives?
Are you arguing that ASLR isn't useful for anything at all? Or just
useful for U-boot? If anything at all, why is it implemented in so many
other places? If just U-boot, isn't plugging one small hole, even
though larger holes exist, still making progress?
-Jason
> -mike