From: Jason Markley (ggsg) <jamarkle@ggsg.cisco.com>
To: u-boot@lists.denx.de
Subject: [U-Boot] Does U-boot support ASLR?
Date: Thu, 09 Feb 2012 18:08:14 -0500 [thread overview]
Message-ID: <4F3451DE.3050503@ggsg.cisco.com> (raw)
In-Reply-To: <CALButC+TisJ+Qeff=H=6br=-7T44-xnPFobxMO9MqxBvQWHsnA@mail.gmail.com>
On 2/9/12 5:16 PM, Graeme Russ wrote:
> Hi Guys,
>
> My 2c worth...
>
> The thought of applying ASLR to improve security is pointless unless you
> have identified a reason to do so. You can't just apply a security
> hardening technique willy-nilly and expect you security to improve. The
> security of a system is equal to the weakest link and no amount of
> strengthening the other links will improve security
Agreed, but in the grand scheme of things, does that mean the
maintainers of U-boot will ONLY allow patches in that fix the biggest
security hole that currently exists? If someone desires to patch a
small hole because they have a reason to, or desire to, but it's
currently the biggest hole out there, should said person be denied the
opportunity to present a patch for the hole they've identified?
>
> Remember, U-Boot is a boot-loader. It is very transitory. Think about how
> an attacker could exploit U-Boot (Hint: 10s after booting, they can't)
What about the U-boot API infrastructure? Isn't that designed to allow
a program that U-boot loads to call back into U-boot to perform some
function? Doesn't that mean U-boot is no longer transitory?
-Jason
>
> Network: Hit it with IP packets - But U-Boot only activates network code
> on as as-needed basis (typically when someone runs a net command like tftp
> etc) so you already have U-Boot shell access anyway
>
> Serial: Buffer overruns on commands - U-Boot will crash and the board
> reboots and again, you probably already had/have shell access
>
> So it starts to boil down to protecting access to the shell - Access to
> the shell opens up all sorts of possibilities such as changing environment
> variables (including scripts) up to completely replacing the U-Boot image
>
> So my thought would be, if you want to improve U-Boot security, perhaps
> implement password protection on the shell
>
> Regards,
>
> Graeme
> _______________________________________________
> U-Boot mailing list
> U-Boot at lists.denx.de
> http://lists.denx.de/mailman/listinfo/u-boot
>
next prev parent reply other threads:[~2012-02-09 23:08 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-02-09 14:47 [U-Boot] Does U-boot support ASLR? Jason Markley
2012-02-09 15:13 ` Wolfgang Denk
2012-02-09 15:59 ` Mike Frysinger
[not found] ` <4F34125B.9070802@cisco.com>
2012-02-09 18:58 ` Mike Frysinger
2012-02-09 19:28 ` Scott Wood
2012-02-09 19:50 ` Mike Frysinger
2012-02-09 20:03 ` Jason Markley
2012-02-09 20:06 ` Scott Wood
2012-02-09 20:34 ` Mike Frysinger
2012-02-09 20:54 ` Jason Markley
2012-02-09 19:55 ` Jason Markley
2012-02-09 20:31 ` Mike Frysinger
2012-02-09 22:16 ` Graeme Russ
2012-02-09 23:08 ` Jason Markley [this message]
2012-02-10 0:09 ` Graeme Russ
2012-02-10 11:44 ` Wolfgang Denk
2012-02-09 19:56 ` Jason Markley
[not found] ` <4F33E93E.5070804@ggsg.cisco.com>
2012-02-10 7:07 ` Wolfgang Denk
2012-02-10 13:47 ` Jason Markley
2012-02-10 14:23 ` Wolfgang Denk
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4F3451DE.3050503@ggsg.cisco.com \
--to=jamarkle@ggsg.cisco.com \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox