On 19/12/14 03:50 AM, Lukas Jirkovsky wrote:
No matter how much I like the idea of making Arch more secure, there is one thing that makes compiling the whole system with ASLR one big no-go for me (please correct me if I'm wrong). As far as I know, the ASLR makes core dumps completely useless, and also makes it impossible to make any sense from addresses in backtrace (assume that you get a backtrace from an application without debugging symbols). I guess the same thing would happen with valgrind, too.
I would be OK with building things from core with ASLR, as they should be very stable, but not whole Arch.
Lukas
The address of dynamic libraries, the stack and the heap (both sbrk and the mmap base) is already randomized today, so the backtrace is already going to include randomized addresses for anything defined in a library. PIE makes it possible for the executable base to be relocated, which *also* randomizes the code and data defined in the executable and some global data structures like the GOT / PLT. ASLR needs PIE to be a truly useful exploit mitigation, but it's still there without it.

An executable compiled as PIE is compatible with full ASLR, but it doesn't force users to use it. ASLR can be disabled by setting /proc/sys/kernel/randomize_va_space to 0. It's also possible to do it for a single process (far better idea), which this wrapper tool will do:

    #include <err.h>
    #include <sys/personality.h>
    #include <unistd.h>

    int main(int argc, char **argv) {
        if (argc < 2)
            errx(1, "not enough arguments");
        /* query the current persona without changing it */
        int orig_personality = personality(0xffffffff);
        if (orig_personality == -1)
            err(1, "personality");
        /* disable ASLR for this process; the flag survives exec */
        if (personality(orig_personality | ADDR_NO_RANDOMIZE) == -1)
            err(1, "personality");
        execvp(argv[1], argv + 1);
        /* only reached if execvp failed */
        err(1, "execvp");
    }

This will actually be done by gdb already unless `set disable-randomization off` is used.

There are already a few security-conscious packages enabling this on their own, and this will likely become more common. Here's an incomplete list for anyone curious:

* colord
* chromium
* cups
* playpen
* openssh
* qemu
* sudo
* systemd
* upower
* tor
* wireshark
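As an added example (not code from the thread), a small Linux C program that checks whether a binary is PIE by reading its ELF header (e_type == ET_DYN) and whether ASLR is still in effect for the calling process, using the same personality() flag the wrapper above sets; it assumes <elf.h>, <sys/personality.h> and /proc/self/exe are available.

```c
/* Added example, not code from the thread: is a binary PIE, and is ASLR
 * active for this process?  Linux only (<sys/personality.h>, /proc/self/exe). */
#include <elf.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/personality.h>

/* 1 if buf is an ELF header of type ET_DYN (PIE executable or shared
 * library), 0 for ET_EXEC and other types, -1 if it is not an ELF header.
 * e_type is the 2-byte field right after e_ident, in the file's byte order. */
int elf_header_is_pie(const unsigned char *buf, size_t len)
{
    if (len < EI_NIDENT + 2 || memcmp(buf, ELFMAG, SELFMAG) != 0)
        return -1;
    uint16_t type;
    if (buf[EI_DATA] == ELFDATA2LSB)
        type = (uint16_t)(buf[EI_NIDENT] | (buf[EI_NIDENT + 1] << 8));
    else if (buf[EI_DATA] == ELFDATA2MSB)
        type = (uint16_t)((buf[EI_NIDENT] << 8) | buf[EI_NIDENT + 1]);
    else
        return -1;
    return type == ET_DYN ? 1 : 0;
}

/* Same check for a file on disk; -1 if it cannot be read or is not ELF. */
int file_is_pie(const char *path)
{
    unsigned char hdr[EI_NIDENT + 2];
    FILE *f = fopen(path, "rb");
    if (!f)
        return -1;
    size_t n = fread(hdr, 1, sizeof hdr, f);
    fclose(f);
    return elf_header_is_pie(hdr, n);
}

/* 1 if ASLR applies to this process, 0 if ADDR_NO_RANDOMIZE is set (e.g. it
 * was started under the wrapper above or under gdb), -1 on error. */
int aslr_enabled_for_self(void)
{
    int p = personality(0xffffffff);  /* 0xffffffff = query only */
    return p == -1 ? -1 : !(p & ADDR_NO_RANDOMIZE);
}

int main(int argc, char **argv)
{
    const char *path = argc > 1 ? argv[1] : "/proc/self/exe";
    printf("%s: PIE=%d ASLR=%d\n", path, file_is_pie(path), aslr_enabled_for_self());
    return 0;
}
```

ET_DYN also covers ordinary shared libraries, so point it at executables rather than .so files.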