1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

ASLR bypassable=security problem

Discussion in 'Random Nonsense' started by cloasters, Oct 21, 2016.

  1. cloasters

    cloasters Well-Known Member

    Joined:
    Jul 3, 2013
    Messages:
    3,099
    Likes Received:
    53
    Trophy Points:
    48
  2. Gizmo

    Gizmo Chief Site Administrator Staff Member

    Joined:
    Dec 6, 2012
    Messages:
    2,073
    Likes Received:
    117
    Trophy Points:
    63
    Location:
    Webb City, Missouri
    Home page:
    This is currently a non-trivial attack to implement and requires the attacker to already have the ability to run applications on the local machine. Coupled with a web server compromise or a SQL injection attack, however, it could conceivably be used as a privilege escalation attack. The basic take-away here is that you need to be sure you've got all your patches installed. Side-channel attacks like this (where the attack targets the system hardware as opposed to the software) are somewhat rare right now, but are only going to get worse as the software gets better at repelling other kinds of attacks.

    The scary thing about all of this is that if someone successfully develops a hardware-based attack, it's likely that there's little can be done to mitigate it in most situations. Even if something can be done in the hardware, it will usually require a CHANGE in the hardware to implement the fix.

    In this case, I'm not even sure there's something that CAN be done, since the attack is actually targeting hardware that NEEDS to operate pretty much the way it does.
    booman likes this.
  3. cloasters

    cloasters Well-Known Member

    Joined:
    Jul 3, 2013
    Messages:
    3,099
    Likes Received:
    53
    Trophy Points:
    48
    Thank you for this info, Gizmo! Wow, a change in hardware might be needed to address this kind of attack. I pray that no one (yeah, I know. Good luck with that) bothers to implement this kind of assault on our machines. Could you say that a successful implementation of this attack could "brick" your PC?
  4. booman

    booman Grand High Exalted Mystic Emperor of Linux Gaming Staff Member

    Joined:
    Dec 17, 2012
    Messages:
    7,492
    Likes Received:
    542
    Trophy Points:
    113
    Location:
    Linux, Arizona
    Home page:
    A hardware attack could be something as simple as someone stealing your laptop or breaking into your house and stealing your desktop.
    Unfortunately more threats are going to appear as Linux becomes more popular for home/entertainment use. Most of the threats I hear about are focused on web servers since that is where Linux is most prevalent.
  5. Gizmo

    Gizmo Chief Site Administrator Staff Member

    Joined:
    Dec 6, 2012
    Messages:
    2,073
    Likes Received:
    117
    Trophy Points:
    63
    Location:
    Webb City, Missouri
    Home page:
    This attack doesn't focus on Linux, indeed it doesn't care WHAT operating system you are using, and in most cases it doesn't even matter which PROCESSOR. Pretty much ANY MODERN processor is vulnerable, regardless of what operating system they are running.

    There's another attack called RowHammer which works by attacking the physical structure of DRAM to selectively flip bits in memory. Again, it doesn't care about operating system (other than just needing to know which bits to flip in order to get root/admin access), nor does it care about processor. This attack was just recently demonstrated as being viable (it was previously an academic curiosity).
  6. cloasters

    cloasters Well-Known Member

    Joined:
    Jul 3, 2013
    Messages:
    3,099
    Likes Received:
    53
    Trophy Points:
    48
    Flipping a few bits in Memory maybe could wreck an OS installation unless there's a simple fix. I really don't know how hard it would be to recover from such an attack. Or if any recovery short of wiping a hard disk and an OS re-installation is possible.
    Perhaps I see too much in these latest asinine attempts to wreck your day. I hope so!
  7. Daniel~

    Daniel~ Chief BBS Administrator Staff Member

    Joined:
    Dec 17, 2012
    Messages:
    7,034
    Likes Received:
    100
    Trophy Points:
    63
    Location:
    Greenwater WA
    Home page:
    George, my friend...You remind me of a guy using a microscope for the first time. He's suddenly made aware that he's not alone!!
    A terrorizing moment passes before he realizes that all those terrorizing creatures have always been there without doing to much harm.

    But now that he is made aware of them he can to some degree arm himself in advance by good practices.
    So in the end all the terror he had to endure in the beginning brings about a more secure situation.

    Something that helps me sleep on my more insecure nights... Of all the hacks, bugs, scripts D-dos and friends that I have read about, I have actually personally encountered exactly Zero.

    I have been hit by lighting as often as by hackers!

    In short, a new parent worries, that's just what we do.":O}
  8. cloasters

    cloasters Well-Known Member

    Joined:
    Jul 3, 2013
    Messages:
    3,099
    Likes Received:
    53
    Trophy Points:
    48
    Oh dear, I think I still have a hangover from my years of having to keep track of the hundreds of bugs and weaknesses that demanded attention in MS land. I'll endeavor to relax here in Linux land!
  9. Daniel~

    Daniel~ Chief BBS Administrator Staff Member

    Joined:
    Dec 17, 2012
    Messages:
    7,034
    Likes Received:
    100
    Trophy Points:
    63
    Location:
    Greenwater WA
    Home page:
    Belie me, I once shared your MS PTS. But time has slowly changed me into a more trusting fellow.":O}
  10. cloasters

    cloasters Well-Known Member

    Joined:
    Jul 3, 2013
    Messages:
    3,099
    Likes Received:
    53
    Trophy Points:
    48
    "MS PTS." I love that phrase! Too bad it's so true in my case.
  11. pinky

    pinky New Member

    Joined:
    Mar 3, 2017
    Messages:
    11
    Likes Received:
    1
    Trophy Points:
    3
    speaking of initialisms... i landed here by reading aslr as asmr by mistake o_O
  12. Daniel~

    Daniel~ Chief BBS Administrator Staff Member

    Joined:
    Dec 17, 2012
    Messages:
    7,034
    Likes Received:
    100
    Trophy Points:
    63
    Location:
    Greenwater WA
    Home page:
    Welcome Pinky!

    What interesting interests you have! I wasn't able to trigger a response in myself. Did anyone get the results expected?
  13. pinky

    pinky New Member

    Joined:
    Mar 3, 2017
    Messages:
    11
    Likes Received:
    1
    Trophy Points:
    3
    i can sort of tell when something is meant to be having the effect,
    but haven't really had anything generate the actual effect (i think)

    what really interested me was the concept of whispering
    being linked to some kind of potential security breach :rolling:

    [ps: thanks for the welcome, i hope i'm transitioning into technical forum protocol]
  14. Daniel~

    Daniel~ Chief BBS Administrator Staff Member

    Joined:
    Dec 17, 2012
    Messages:
    7,034
    Likes Received:
    100
    Trophy Points:
    63
    Location:
    Greenwater WA
    Home page:
    I can see and hear you just fine, so you probably need no adjustments at this time.
    The whole synthesizes thing warps my mind a bit trying to conceive of what such a cross wiring might be like.
  15. cloasters

    cloasters Well-Known Member

    Joined:
    Jul 3, 2013
    Messages:
    3,099
    Likes Received:
    53
    Trophy Points:
    48
    I may well be wrong but I think I recall a Pinky at the olde AOA site. Wonder if the two Pinky's are related somehow?

Share This Page