OPNsense Forum

English Forums => Development and Code Review => Topic started by: cibomato on February 15, 2017, 08:54:59 pm

Title: ASLR insecure?
Post by: cibomato on February 15, 2017, 08:54:59 pm
This has only just been added to OPNsense, and now this:
https://www.heise.de/newsticker/meldung/Schutz-durch-Speicherverwuerfelung-ASLR-geknackt-3627176.html

What should we make of this?

Best regards,

Jochen
Title: Re: ASLR insecure?
Post by: weust on February 15, 2017, 09:20:42 pm
That only applies to web browsers. OPNsense isn't one ;-)
Title: Re: ASLR insecure?
Post by: fabian on February 15, 2017, 09:37:49 pm
No, it applies to any application; however, if you can execute this type of attack, broken ASLR is the smallest problem (this means the attacker can already execute code).
Title: Re: ASLR insecure?
Post by: franco on February 15, 2017, 09:59:33 pm
A few notes from Shawn on the particular attack:

https://github.com/lattera/articles/blob/master/infosec/Exploit%20Mitigations/ASLR/2017-02-15_anc/article.md
Title: Re: ASLR insecure?
Post by: lattera on February 15, 2017, 10:44:48 pm
ASLR is still an awesome addition to OPNsense since the AnC attack doesn't really apply to the applications installed on a typical OPNsense deployment. In order to carry out the attack, the attacker must be able to instrument the MMU, which is only possible with applications that accept and execute attacker-controlled code and provide performance APIs (like JavaScript in popular web browsers).