
I would love to see this make it upstream. I use PaX/grsec under Linux and one of my favorite things about them is that they try to enforce w^x.

Unfortunately, a ton of programs break this policy (seemingly for no benefit). Having upstream Firefox respect w^x anyway would mean I could remove its exception under PaX and a whole class of possible security flaws just GoAway™.

Ideally, I'd love to see Linux embrace w^x generally, but the kernel devs do not seem terribly interested in that. Either way, keep up the rockin' work OpenBSD team!

Edit: Oh wait! The patch for this is actually upstream! This bit of news is OpenBSD enabling it! That's awesome! /me tries to rebuild firefox with the patch enabled.
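An added example, not part of any comment in this thread: one way to audit which mappings in a process break the W^X policy discussed above is to parse `/proc/<pid>/maps` on Linux and flag every region that is both writable and executable. The sample lines, the path `/usr/lib/example/browser` and the function names are constructed for illustration.

```python
import re
from typing import Iterable, Iterator, List, NamedTuple

# One /proc/<pid>/maps line (see proc(5)):
#   start-end perms offset dev inode [pathname]
MAPS_LINE = re.compile(
    r"^([0-9a-f]+)-([0-9a-f]+)\s+([r-][w-][x-][ps])\s+"
    r"[0-9a-f]+\s+\S+\s+\d+\s*(.*)$"
)

class Mapping(NamedTuple):
    start: int
    end: int
    perms: str
    path: str

def parse_maps(lines: Iterable[str]) -> Iterator[Mapping]:
    """Yield a Mapping for every well-formed maps line; skip anything else."""
    for line in lines:
        m = MAPS_LINE.match(line.strip())
        if m:
            yield Mapping(int(m[1], 16), int(m[2], 16), m[3], m[4] or "[anon]")

def wx_violations(lines: Iterable[str]) -> List[Mapping]:
    """Return the mappings that are writable and executable at the same time."""
    return [m for m in parse_maps(lines) if "w" in m.perms and "x" in m.perms]

def audit_pid(pid: str = "self") -> List[Mapping]:
    """Audit a live process (Linux only; needs read access to its maps file)."""
    with open(f"/proc/{pid}/maps") as fh:
        return wx_violations(fh)

# Constructed sample input: a JIT-style anonymous rwx region and an
# executable stack sit among otherwise well-behaved mappings.
SAMPLE = """
55d0c8a00000-55d0c8a21000 r-xp 00000000 08:01 131090 /usr/lib/example/browser
55d0c8c20000-55d0c8c22000 rw-p 00020000 08:01 131090 /usr/lib/example/browser
7f3a10000000-7f3a10040000 rwxp 00000000 00:00 0
7f3a2c000000-7f3a2c021000 rw-p 00000000 00:00 0 [heap]
7ffd5e1e0000-7ffd5e201000 rwxp 00000000 00:00 0 [stack]
"""

if __name__ == "__main__":
    for m in wx_violations(SAMPLE.splitlines()):
        size_kib = (m.end - m.start) // 1024
        print(f"W+X {m.start:#x}-{m.end:#x} {size_kib} KiB {m.path}")
```

A process that needs no W^X exception reports no violations; anonymous `rwxp` regions are the usual sign of a JIT that maps its code cache writable and executable at once.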



>and a whole class of possible security flaws just GoAway™.

Technically not true, they don't go away, they're just harder (and not that much harder) to exploit.


It changes a broad class of attack exploits to require return-oriented programming techniques to exploit. Are you seriously claiming that ROP isn't "that much harder" than injecting arbitrary code?


libc by itself provides a Turing-complete set of ROP gadgets: <http://www.cs.ncsu.edu/faculty/jiang/pubs/RAID11.pdf>.


First of all: thanks! I'm excited to read this!

Second of all: ugh! Dear HackerNews team, please fix your URL matching algorithm so it doesn't include <> in URLs; they're actually explicitly recommended by the URI RFC as delimiters.

Sincerely,

halosghost


Here's the original paper of this attack (AFAIK): http://cseweb.ucsd.edu/~hovav/dist/geometry.pdf

The other paper shows that this technique is Turing complete.

But yes, basically W^X is defeated.


>Are you seriously claiming that ROP isn't "that much harder" than injecting arbitrary code?

Yes I am.


I think you're using overly vague classes if you can't point to classes of attack that are flat-out blocked.


Try running Gentoo Hardened. It makes it a lot easier to run on a grsec and PaX kernel.


Actually, though I deeply enjoy grsec and PaX, I find it to work just fine with Arch. I have definitely considered Gentoo Hardened though; the notion of being able to rebuild everything exactly how I'd like it is pretty damn tempting. Thank you for the recommendation; every time someone gives me a serious recommendation for Gentoo, I always have to take a moment and give it a more serious thought :)


Seconding the Gentoo recommendation. PaX/grsec is far easier under OpenRC.



