[U-Boot] Does U-boot support ASLR?
Jason Markley (ggsg)
jamarkle at ggsg.cisco.com
Fri Feb 10 14:47:08 CET 2012
On 2/10/12 2:07 AM, Wolfgang Denk wrote:
> Dear Jason,
>
> please keep the ML on Cc:
>
> In message <4F33E93E.5070804 at ggsg.cisco.com> you wrote:
>> Do you happen to have a reference to that presentation? I'm very
>> interested, as I thought ASLR was in place to make it harder. I've done
>> a weak Google search but haven't turned up anything.
> I'm sorry - I already searched when I wrote my first reply, but I
> didn't save the link when I read this. I am pretty much sure that it
> was in an article posted on http://www.heise.de/newsticker/ (and that
> it was in German language), but then it's likely that a similar
> article has been posted to http://www.h-online.com/ .
>
> I can find a few articles that talk about ways to outsmart ASLR, for
> example
> http://www.h-online.com/security/features/Return-of-the-sprayer-exploits-to-beat-DEP-and-ASLR-1171463.html
> but none of the ones I checked contained the statement I quoted (that
> ASLR actually makes it easier for crackers), or I didn't find it.
>
>
> Yes, the idea behind ASLR was to make breaking into systems harder,
> and it does so for conventional attack methods. But breaking into
> systems is an art, and each new protection mechanism will attract
> forces to break them. In the end, you have to ask yourself if the
> effort for a protection mechanism is worth the increase of security it
> gives you.
>
> As others have pointed out, U-Boot (while running in interactive mode)
> is pretty much open for unlimited access anyway, so what is there to
> protect?
>
> And in production mode, U-Boot will just load and start some OS,
> and will be gone within a few milliseconds - if configured correctly,
> with little chance of a break-in.
Again, what about the U-Boot API feature? I want to use the API
feature, and have U-Boot 'stick around' for more than 'a few
milliseconds' as you put it. In production mode, when using the API
feature, I think ASLR has some merit.
-Jason
>
> Unless you attach a JTAG debugger - but then you are p0wned anyway.
>
>
> Best regards,
>
> Wolfgang Denk
>