From: Jason Markley (ggsg) <jamarkle@ggsg.cisco.com>
To: u-boot@lists.denx.de
Subject: [U-Boot] Does U-boot support ASLR?
Date: Fri, 10 Feb 2012 08:47:08 -0500
Message-ID: <4F351FDC.5010000@ggsg.cisco.com>
In-Reply-To: <20120210070729.47C4F14BC602@gemini.denx.de>

On 2/10/12 2:07 AM, Wolfgang Denk wrote:
> Dear Jason,
>
> please keep the ML on Cc:
>
> In message <4F33E93E.5070804@ggsg.cisco.com> you wrote:
>> Do you happen to have a reference to that presentation? I'm very
>> interested, as I thought ASLR was in place to make it harder. I've done
>> a weak Google search but haven't turned up anything.
> I'm sorry - I already searched when I wrote my first reply, but I
> didn't save the link when I read this. I am pretty much sure that it
> was in an article posted on http://www.heise.de/newsticker/ (and that
> it was in German language), but then it's likely that a similar
> article has been posted to http://www.h-online.com/ .
>
> I can find a few articles that talk about ways to outsmart ASLR, for
> example
> http://www.h-online.com/security/features/Return-of-the-sprayer-exploits-to-beat-DEP-and-ASLR-1171463.html
> but none of the ones I checked contained the statement I quoted (that
> ASLR actually makes it easier for crackers), or I didn't find it.
>
>
> Yes, the idea behind ASLR was to make breaking into systems harder,
> and it does so for conventional attack methods. But breaking into
> systems is an art, and each new protection mechanism will attract
> forces to break them. In the end, you have to ask yourself if the
> effort for a protection mechanism is worth the increase of security it
> gives you.
>
> As others have pointed out, U-Boot (while running in interactive mode)
> is pretty much open for unlimited access anyway, so what is there to
> protect?
>
> And in production mode, U-Boot will just load and start some OS,
> and will be gone within a few milliseconds - if configured correctly,
> with little chances for break in.
Again, what about the U-boot API feature? I want to use the API
feature, and have U-boot 'stick around' for more than 'a few
milliseconds' as you put it. In production mode, when using the API
feature, I think ASLR has some merit.
-Jason
>
> Unless you attach a JTAG debugger - but then you are p0wned anyway.
>
>
> Best regards,
>
> Wolfgang Denk
>