[Info-vax] Security, ASLR, KASLR, Pointers (was: Re: VMS x86 performance ?)
Stephen Hoffman
seaohveh at hoffmanlabs.invalid
Mon Nov 2 15:09:45 EST 2020
On 2020-11-02 17:41:58 +0000, geze... at rlgsc.com said:
> On Monday, November 2, 2020 at 8:41:43 AM UTC-5, Simon Clubley wrote:
>>
>> ...Linux suffers from having a monolithic and fully privileged kernel
>> address space in the same way as VMS but it also has features that VMS
>> doesn't which make it more secure. At one level, it has KASLR, and at
>> the other end of the scale it has full mandatory access control
>> capabilities in the form of SELinux. It also has other security and
>> isolation features that VMS does not...
>
> The real efficacy of ASLR depends upon the entropy of the
> randomization. Brute force script attacks are prevented effectively,
> but if the entropy is not high, one can simply keep trying by brute
> force.
Ayup. If the apps are stuck in 32-bit (P0/P1) space, there's less
entropy available as the apps and dependencies increase in size.
With code in 64-bit (P2) space (compile 64-bit, and then LINK
/SEGMENT_ATTRIBUTE=mumblefratz), the available address space
randomization is larger.
Reordering the dependent image activation can be an option for
increasing the available entropy even within 32-bit (P0/P1) space,
among other discussions.
An alternative to ASLR and KASLR is pointer authentication, and that
mechanism is starting to see production deployments:
https://www.qualcomm.com/media/documents/files/whitepaper-pointer-authentication-on-armv8-3.pdf
https://support.apple.com/guide/security/pointer-authentication-codes-seca5759bf02/1/web/1
https://pointer-authentication.github.io
There's also the somewhat simpler approach of pointer tagging, too:
https://www.microsoft.com/en-us/research/uploads/prod/2019/07/Pointer-Tagging-for-Memory-Safety.pdf
The goal here of ASLR/KASLR or pointer authentication or pointer
tagging is to get the attacker to expose their efforts with app or
system crashes, as part of efforts to reduce the risks around assuming
developers write perfect code.
But before I'd expect to see pointer authentication or pointer tagging
or ASLR/KASLR, there is likely other security-related work pending at
VSI. This work might well include work on sandboxes, app signing,
telemetry, logging (including system and app crashes, and attempted
security exploits leading to run-time errors), integration of SSL and
certificates, modern password hashes, wider use of encryption, fuzzing,
dragging more apps and tooling and APIs forward into 64-bit addressing,
etc. This is because most attackers will bypass the most robust
defenses if there exist easier alternative exploits. And there's the
work on the x86-64 port, which has priority over most.
--
Pure Personal Opinion | HoffmanLabs LLC
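The pointer-authentication mechanism referred to above, as an added illustration that is not part of the original post and is not VSI's, Apple's or Qualcomm's code: a small C model of PAC-style signing and authentication of a return address. It assumes a 48-bit user virtual address (so the top 16 bits are free to hold the tag), uses a keyed mixing function standing in for the real QARMA-based MAC (a toy, not a cryptographic MAC), and uses constructed sample addresses. The point it shows is the one the post makes: a pointer whose low bits are overwritten, or a validly signed pointer replayed under a different context, fails authentication, and on real hardware that failure is a fault, i.e. the attacker is exposed by a crash rather than getting a silent success.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Toy model of ARMv8.3-style pointer authentication (added example).
 * Assumptions: 48-bit user VA, so the upper 16 bits carry the tag;
 * toy_mac() is a keyed mixer, NOT a real MAC (hardware uses QARMA). */

#define VA_BITS   48
#define PAC_BITS  (64 - VA_BITS)
#define VA_MASK   ((UINT64_C(1) << VA_BITS) - 1)
#define PAC_MASK  (~VA_MASK)

typedef struct { uint64_t k0, k1; } pac_key;

/* Keyed 64-bit mixer (splitmix64-style finalizer). Illustrative only. */
static uint64_t toy_mac(const pac_key *k, uint64_t ptr, uint64_t ctx)
{
    uint64_t x = (ptr ^ k->k0) + (ctx ^ k->k1) * UINT64_C(0x9E3779B97F4A7C15);
    x ^= x >> 30; x *= UINT64_C(0xBF58476D1CE4E5B9);
    x ^= x >> 27; x *= UINT64_C(0x94D049BB133111EB);
    x ^= x >> 31;
    return x;
}

/* Tag over (address bits, context), placed in the unused upper bits. */
static uint64_t pac_compute(const pac_key *k, uint64_t ptr, uint64_t ctx)
{
    return (toy_mac(k, ptr & VA_MASK, ctx) << VA_BITS) & PAC_MASK;
}

/* PACxx: sign a pointer under a context (e.g. the stack pointer for
 * a return address, so the same address in another frame differs). */
uint64_t pac_sign(const pac_key *k, uint64_t ptr, uint64_t ctx)
{
    return (ptr & VA_MASK) | pac_compute(k, ptr, ctx);
}

/* AUTxx: verify. On success *out is the plain pointer. On failure return
 * false; real hardware instead produces a non-canonical pointer that faults
 * when used, which is the "attacker exposed by a crash" outcome. */
bool pac_auth(const pac_key *k, uint64_t signed_ptr, uint64_t ctx, uint64_t *out)
{
    uint64_t plain = signed_ptr & VA_MASK;
    if ((signed_ptr & PAC_MASK) != pac_compute(k, plain, ctx))
        return false;
    *out = plain;
    return true;
}

/* Blind forgery of the tag passes with probability 1/2^PAC_BITS per
 * attempt, and every failed attempt crashes the target process. */
double pac_forge_success_probability(void)
{
    return 1.0 / (double)(UINT64_C(1) << PAC_BITS);
}

int main(void)
{
    pac_key key = { 0x0123456789abcdefULL, 0xfedcba9876543210ULL };
    uint64_t ret_addr = 0x00007f3a1c00beefULL;  /* constructed return address */
    uint64_t sp       = 0x00007ffc12345000ULL;  /* constructed SP as context */
    uint64_t out;

    uint64_t signed_ra = pac_sign(&key, ret_addr, sp);
    printf("signed   : 0x%016llx auth=%d\n", (unsigned long long)signed_ra,
           pac_auth(&key, signed_ra, sp, &out));

    /* Overwrite the low bits with a gadget address, keep the stored tag. */
    uint64_t forged = (signed_ra & PAC_MASK) | 0x00007f3a1c00c0deULL;
    printf("forged   : auth=%d\n", pac_auth(&key, forged, sp, &out));

    /* Replay a validly signed pointer from a different stack frame. */
    printf("replayed : auth=%d\n", pac_auth(&key, signed_ra, sp + 0x100, &out));

    printf("blind forgery success per try: %g\n", pac_forge_success_probability());
    return 0;
}
```

Note that the tag size, not the address-space entropy, bounds a blind guess here, which is why the post calls this an alternative to ASLR in a cramped 32-bit (P0/P1) space: a 16-bit tag gives a forger one chance in 65536 per attempt regardless of where the image was loaded, and each miss is a crash that telemetry and crash logging can see.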