
Re: Bits from dpkg developers - dpkg 1.16.1



On Wed, Sep 28, 2011 at 11:38:06PM +0200, Mike Hommey wrote:
> On Wed, Sep 28, 2011 at 10:52:15PM +0300, Riku Voipio wrote:
> > On Tue, Sep 27, 2011 at 06:01:54PM -0700, Kees Cook wrote:
> > > Just to be explicit, PIE tends to have small (<1%) performance hits on
> > > register-starved architectures (i386) in most cases, but for certain
> > > workloads (e.g. python) the hit is large (~15%). On architectures with plenty
> > > of registers (amd64) there's virtually no measurable performance hit that
> > > I've seen.
> >  
> > > If your package handles 3rd party data of any kind (renders, network
> > > daemons, file parsers, etc), I strongly recommend enabling PIE.
> > 
> > However, on 32-bit architectures address space randomization (which is why
> > people try to sell PIE as a security feature) does not add much security.
> > 
> >   http://benpfaff.org/papers/asrandom.pdf
> 
> Also note that as long as you can read memory in the process and have
> access to /proc/self/auxv, you can find the base address of all
> libraries.

The auxv file isn't readable after a uid transition, and if an attacker
has sufficient control over a process to read /proc/self, ASLR is already
a non-issue for that exploit. :)

That said, yes, plugging leaks of process memory locations is important
when defending against local attacks. Remote attacks will have many fewer
opportunities for finding memory location leaks.

-Kees

-- 
Kees Cook                                            @debian.org
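A maintainer following the advice above wants a quick way to tell whether the binaries a package ships were actually built as PIE. The check below is an added example, not code from this thread or from dpkg: it reads the ELF header and inspects the `e_type` field, since a fixed-address executable is `ET_EXEC` while a PIE executable (like a shared object) is `ET_DYN`. The `make_header` helper builds a constructed sample header so the example runs offline; it is not a real binary.

```python
import struct
from typing import Iterable, Optional

ELF_MAGIC = b"\x7fELF"
ET_EXEC = 2   # fixed-address executable: not PIE
ET_DYN = 3    # position-independent: PIE executable or shared object


def elf_type(data: bytes) -> Optional[int]:
    """Return e_type from an ELF header, or None if the bytes are not ELF."""
    if len(data) < 18 or data[:4] != ELF_MAGIC:
        return None
    # EI_DATA (byte 5) selects the byte order of every multi-byte header field
    endian = "<" if data[5] == 1 else ">"
    (e_type,) = struct.unpack_from(endian + "H", data, 16)
    return e_type


def classify(data: bytes) -> str:
    """Human-readable verdict for the first bytes of a file."""
    t = elf_type(data)
    if t is None:
        return "not ELF"
    if t == ET_EXEC:
        return "fixed-address executable (not PIE)"
    if t == ET_DYN:
        return "position-independent (PIE executable or shared object)"
    return "other ELF type %d" % t


def scan(paths: Iterable[str]) -> dict:
    """Map each readable path to its verdict; unreadable paths are skipped."""
    result = {}
    for p in paths:
        try:
            with open(p, "rb") as f:
                result[p] = classify(f.read(64))
        except OSError:
            continue
    return result


def make_header(e_type: int, little_endian: bool = True) -> bytes:
    """Constructed sample ELF64 header (not a real binary) for offline testing."""
    endian = "<" if little_endian else ">"
    # e_ident: magic, EI_CLASS=2 (64-bit), EI_DATA, EI_VERSION=1, EI_OSABI=0, padding
    ident = ELF_MAGIC + bytes([2, 1 if little_endian else 2, 1, 0]) + b"\x00" * 8
    # e_type, e_machine (62 = x86-64), e_version; the remaining 40 bytes are irrelevant here
    return ident + struct.pack(endian + "HHI", e_type, 62, 1) + b"\x00" * 40


if __name__ == "__main__":
    import sys
    for path, verdict in scan(sys.argv[1:]).items():
        print("%s: %s" % (path, verdict))
```

Run it as `python3 check_pie.py /usr/bin/*` to list what is and is not PIE. Note that `ET_DYN` alone cannot distinguish a PIE executable from a shared library; for that, and for the other hardening flags (relro, stack protector, fortify), Debian's `hardening-check` script or `readelf -h` / `readelf -d` give the fuller picture.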

