On 04/11/2013 08:19 AM, Miloslav Trmač wrote:
> (I'll call "mutating ASLR" a setup where the addresses change frequently,
> and "static ASLR" a setup where the addresses change only sometimes
> but differ between systems.)
>
> * Servers that accept outside connections definitely should have mutating ASLR
> (attackers can make millions of connection attempts and outguess static ASLR).
> So PIE and prelink unused or ineffective (== current policy).

What does it mean "So PIE and prelink unused or ineffective"? That phrase lacks a verb. Also missing is the reasoning of how the conclusion "... unused or ineffective" is connected to the antecedent "attackers can ... outguess static ASLR". Is it cause-and-effect, or is it a counterexample, or what?

A process that is invoked by xinetd in response to a particular packet, and which terminates after serving only one logical connection, and whose executable is built using "gcc -pie -fPIE", and not prelinked, then operates with short-lived, high-frequency, mutating ASLR. That's one case of a "server" process invoked by xinetd.

That same executable can be prelinked twice per hour, or once per hour, or once per day depending on historical frequency, real-time monitoring of logs, etc. Then it operates under mutating ASLR with medium or adapting frequency. That's another case of "server".

If "server" is a whole system which lasts at least one day (tens or hundreds of thousands of processes, or more) then "all executables -pie and -fPIE; and no prelink" is a highest-frequency mutating ASLR. It also has the highest direct cost for performing all that randomized relocation.

What's the point?
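As an added example (not part of the thread, and not Fedora's own tooling), the following classifies an ELF64 image into the cases the message distinguishes: a non-PIE executable (fixed load address), a PIE (`ET_DYN` with a `PT_INTERP`, re-randomized at every exec), and an image that prelink has touched (detected through the `.gnu.prelink_undo` section prelink leaves behind). The `build_sample` helper constructs header-only ELF images so the classifier can be exercised without a real binary; the regime strings are this example's own summary of the thread's terms.

```python
import struct

ET_EXEC, ET_DYN, PT_INTERP, SHT_STRTAB = 2, 3, 3, 3
PRELINK_UNDO = ".gnu.prelink_undo"  # section prelink leaves behind so that it can undo its work

def classify_elf64(data):
    """Return (kind, prelinked). kind: 'EXEC' = fixed load address (no PIE),
    'PIE' = ET_DYN with PT_INTERP (re-randomized at every exec),
    'DYN' = ET_DYN without interpreter (shared library or static-pie)."""
    if data[:4] != b"\x7fELF" or data[4] != 2:
        raise ValueError("not an ELF64 image")
    end = "<" if data[5] == 1 else ">"
    (e_type, _, _, _, e_phoff, e_shoff, _, _, e_phentsize, e_phnum,
     e_shentsize, e_shnum, e_shstrndx) = struct.unpack_from(end + "HHIQQQIHHHHHH", data, 16)
    has_interp = any(struct.unpack_from(end + "I", data, e_phoff + i * e_phentsize)[0] == PT_INTERP
                     for i in range(e_phnum))
    # Section names live in the section-header string table (sh_offset, sh_size at +24).
    str_off, str_size = struct.unpack_from(end + "QQ", data, e_shoff + e_shstrndx * e_shentsize + 24)
    strtab = data[str_off:str_off + str_size]
    names = set()
    for i in range(e_shnum):
        off = struct.unpack_from(end + "I", data, e_shoff + i * e_shentsize)[0]
        names.add(strtab[off:strtab.index(b"\0", off)].decode())
    kind = "EXEC" if e_type == ET_EXEC else ("PIE" if has_interp else "DYN")
    return kind, PRELINK_UNDO in names

def aslr_regime(kind, prelinked):
    """Map the classification onto the thread's vocabulary (mutating vs static ASLR)."""
    if kind == "EXEC":
        return "none for the image itself: fixed address; only stack, heap and libraries move"
    if prelinked:
        return "static ASLR: layout fixed when prelink last ran, differs between systems"
    return "mutating ASLR: base chosen by the kernel/loader at every exec"

def build_sample(e_type, with_interp, prelinked):
    """Constructed minimal ELF64 image (headers only, not runnable) to exercise the classifier."""
    names = [b"", b".shstrtab"] + ([PRELINK_UNDO.encode()] if prelinked else [])
    shstrtab = b"\0".join(names) + b"\0"
    phnum = 1 if with_interp else 0
    stroff = 64 + 56 * phnum                  # program headers follow the 64-byte ELF header
    shoff = stroff + len(shstrtab)            # section headers follow the string table
    ehdr = b"\x7fELF\x02\x01\x01" + b"\0" * 9 + struct.pack(
        "<HHIQQQIHHHHHH", e_type, 62, 1, 0, 64, shoff, 0, 64, 56, phnum, 64, len(names), 1)
    phdr = struct.pack("<IIQQQQQQ", PT_INTERP, 4, 0, 0, 0, 0, 0, 1) if with_interp else b""
    shdrs, name_off = b"", 0
    for i, n in enumerate(names):
        sh_type, off, size = (SHT_STRTAB, stroff, len(shstrtab)) if i == 1 else (1 if i else 0, 0, 0)
        shdrs += struct.pack("<IIQQQQIIQQ", name_off, sh_type, 0, 0, off, size, 0, 0, 1, 0)
        name_off += len(n) + 1
    return ehdr + phdr + shstrtab + shdrs
```

Feeding `classify_elf64` the bytes of a real binary (`open(path, "rb").read()`) shows which of the thread's cases it falls into.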