Re: Expanding the list of "Hardened Packages"

On 04.04.2013 20:54, Bill Nottingham wrote:
> Jakub Jelinek (jakub@xxxxxxxxxx) said: 
>> On Wed, Apr 03, 2013 at 01:53:27AM +0200, Reindl Harald wrote:
>>>> A prelinked module reduces time spent in ld-linux, and increases sharing
>>>> of pages (which reduces time spent in kernel duplicating copy-on-write pages.)
>>>> The savings are *visible* when invoking an interactive GUI program that has
>>>> dozens of shared libraries, or when several hundred smaller executables
>>>> are invoked each second, such as some 'make' clouds, etc.
>>>
>>> not noticeable compared with the security flaws
>>
>> Security flaws?  Security flaws are the bugs that can be exploited, you are
>> clearly overestimating the role of ASLR (especially when on some targets
>> like x86_64 there is a fixed address syscall+ret instruction mapped into
>> every process anyway), it is just one of the many mitigating factors.
>> Shared libraries loaded by a PIE are ignoring prelink chosen addresses,
>> so they are fully randomized each time, and network facing daemons or suid
>> apps should be built that way.  But, for other binaries, PIE is way too
>> costly (even when say on x86_64 the PIC register setup is basically for
>> free, there is the significant cost of one extra indirection level) and when
>> the binary isn't randomized, you can always return to the binary as opposed
>> to shared libraries.
>> If you don't care about the speed of execution of any programs, just compile
>> everything with -fsanitize=address (that will be only ~ 2x slowdown or so).
> 
> My concern is simply that prelink was (theoretically) sold as a mechanism
> to speed up the start of large, complex, GUI programs. Unfortunately, most
> of the large, complex, GUI programs are the ones that are parsing untrusted
> content, and therefore make the most sense for PIE compilation

exactly that is the point

you do not need any network-service or long living process
google for "CVE poppler" to get a picture about PDF and
you will find the same for nearly any application or commonly
used library in the last few years

there is no single piece of software on this world which
was not exploitable in whatever way, not a single and if
you find one nobody cared enough to search for the exploit


-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
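The thread turns on whether a given binary is built as a PIE (so ASLR can move its code and data) or linked at a fixed address (so, as Jakub notes, an attacker can always return into the binary itself). The following is an added example, not code from the thread or from Fedora: a small audit script that reads only the ELF header of each file and reports whether the main image is position-independent. It relies on the ELF specification alone (magic, EI_CLASS, EI_DATA, and the 16-bit e_type field at offset 16, which is ET_EXEC for fixed-address executables and ET_DYN for PIEs and shared objects). The sample headers it builds for itself are constructed, not taken from real binaries. It deliberately does not distinguish a PIE executable from a shared library (both are ET_DYN); doing that would need a look at PT_INTERP or DT_FLAGS_1, which is out of scope here.

```python
import struct
import sys
from pathlib import Path

ELF_MAGIC = b"\x7fELF"
ET_EXEC = 2   # fixed load address: not a PIE, ASLR cannot relocate the main image
ET_DYN = 3    # position-independent: a PIE executable or a shared object


def classify_elf(header: bytes) -> str:
    """Classify an ELF image from its header bytes.

    Only the first 20 bytes of the file are needed: the magic, the
    identification block (class, data encoding) and the e_type field.
    Returns one of: "not-elf", "malformed-elf", "fixed-address",
    "position-independent", "other".
    """
    if len(header) < 20 or header[:4] != ELF_MAGIC:
        return "not-elf"
    ei_class = header[4]   # 1 = ELF32, 2 = ELF64
    ei_data = header[5]    # 1 = little-endian, 2 = big-endian
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        return "malformed-elf"
    endian = "<" if ei_data == 1 else ">"
    # e_type is a 16-bit field at offset 16 in both ELF32 and ELF64 headers.
    (e_type,) = struct.unpack_from(endian + "H", header, 16)
    if e_type == ET_EXEC:
        return "fixed-address"          # non-PIE: the text segment has a known address every run
    if e_type == ET_DYN:
        return "position-independent"   # PIE executable or shared object
    return "other"                      # relocatable objects, core dumps, etc.


def scan(paths):
    """Yield (path, classification) for each regular file, reading only its header."""
    for raw in paths:
        p = Path(raw)
        if not p.is_file():
            continue
        try:
            with p.open("rb") as fh:
                yield str(p), classify_elf(fh.read(64))
        except OSError:
            continue


def sample_header(e_type: int, ei_class: int = 2, ei_data: int = 1) -> bytes:
    """Build a minimal constructed ELF header (not from any real binary).

    Used here to exercise classify_elf offline; e_machine is set to 62
    (x86-64) and e_version to 1, the remaining fields are zero padding.
    """
    ident = ELF_MAGIC + bytes([ei_class, ei_data, 1, 0]) + b"\x00" * 8
    endian = "<" if ei_data == 1 else ">"
    rest = struct.pack(endian + "HHI", e_type, 62, 1)   # e_type, e_machine, e_version
    size = 64 if ei_class == 2 else 52
    return (ident + rest).ljust(size, b"\x00")


if __name__ == "__main__":
    # Usage: python elf_pie_check.py /path/to/binary ...
    targets = sys.argv[1:] or ["/bin/ls"]
    for path, kind in scan(targets):
        print(f"{kind:22} {path}")
```

Run it over a package's installed binaries to get the split Bill describes: anything reported as "fixed-address" is a non-PIE main executable whose code sits at the same address on every run regardless of prelink or library randomization, which is exactly the class of binary (large, untrusted-content parsers in particular) the thread argues should be moved to PIE first.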
