Randomizing the kernel

Posted Apr 11, 2013 23:58 UTC (Thu) by Beolach (subscriber, #77384)
Parent article: Randomizing the kernel

Just a couple weeks back, LWN posted a link to the PaX Team calling KASLR Cargo Cult Security. I quite liked the metaphor they used to illustrate how small a benefit it gives:

this moving target only moves once and is pretty easy to spot.
That said, even w/ only minuscule benefit, I think it might still be worthwhile, if it has an even more minuscule cost. Does anyone know if KASLR has any impact on performance?

Randomizing the kernel

Posted Apr 12, 2013 13:09 UTC (Fri) by tialaramex (subscriber, #21167)

The earlier link is already mentioned in the article. Deciding whether defences are worthwhile is largely impossible unless you have in mind a specific threat model.

All ASLR-style defences have entirely practical statistical attacks, so if the threat you're modelling wouldn't be fazed by that then it's worthless /for that model/. This is a contrast to something like W^X, which isn't statistical: an attack that's stopped by W^X is stopped; maybe it can be re-activated by another route, but it can't just be retried (or used against more hosts) with the expectation that it will eventually work.

I make the distinction _entirely practical_ because there are theoretical statistical attacks against a lot of things which we can discount. We quite reasonably don't consider "just guessing" a 128-bit AES secret key to be a practical attack on a scheme using AES encryption, for example.
