From mboxrd@z Thu Jan 1 00:00:00 1970
From: Jason Markley (ggsg)
Date: Fri, 10 Feb 2012 08:47:08 -0500
Subject: [U-Boot] Does U-boot support ASLR?
In-Reply-To: <20120210070729.47C4F14BC602@gemini.denx.de>
References: <4F33DC75.4040002@ggsg.cisco.com> <20120209151329.60F5F193BB47@gemini.denx.de> <4F33E93E.5070804@ggsg.cisco.com> <20120210070729.47C4F14BC602@gemini.denx.de>
Message-ID: <4F351FDC.5010000@ggsg.cisco.com>
List-Id:
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: u-boot@lists.denx.de

On 2/10/12 2:07 AM, Wolfgang Denk wrote:
> Dear Jason,
>
> please keep the ML on Cc:
>
> In message <4F33E93E.5070804@ggsg.cisco.com> you wrote:
>> Do you happen to have a reference to that presentation? I'm very
>> interested, as I thought ASLR was in place to make it harder. I've done
>> a weak Google search but haven't turned up anything.
> I'm sorry - I already searched when I wrote my first reply, but I
> didn't save the link when I read this. I am pretty much sure that it
> was in an article posted on http://www.heise.de/newsticker/ (and that
> it was in German), but then it's likely that a similar
> article has been posted to http://www.h-online.com/ .
>
> I can find a few articles that talk about ways to outsmart ASLR, for
> example
> http://www.h-online.com/security/features/Return-of-the-sprayer-exploits-to-beat-DEP-and-ASLR-1171463.html
> but none of the ones I checked contained the statement I quoted (that
> ASLR actually makes it easier for crackers), or I didn't find it.
>
>
> Yes, the idea behind ASLR was to make breaking into systems harder,
> and it does so for conventional attack methods. But breaking into
> systems is an art, and each new protection mechanism will attract
> forces to break it. In the end, you have to ask yourself if the
> effort for a protection mechanism is worth the increase of security it
> gives you.
>
> As others have pointed out, U-Boot (while running in interactive mode)
> is pretty much open for unlimited access anyway, so what is there to
> protect?
>
> And in production mode, U-Boot will just load and start some OS,
> and will be gone within a few milliseconds - if configured correctly,
> with little chance of a break-in.

Again, what about the U-Boot API feature? I want to use the API feature,
and have U-Boot 'stick around' for more than 'a few milliseconds', as you
put it. In production mode, when using the API feature, I think ASLR has
some merit.

-Jason

>
> Unless you attach a JTAG debugger - but then you are p0wned anyway.
>
>
> Best regards,
>
> Wolfgang Denk
>