On Mon, Mar 25, 2013 at 2:52 PM, PaX Team <pagee...@freemail.hu> wrote:

> On 25 Mar 2013 at 9:01, Kfir Lavi wrote:
>
>> Hi,
>> I'm looking for a way to reduce glibc code size.
>> It can be a way to make system smaller and minimize the impact
>> of attack vectors in glibc, as in return-to-libc attack.
>
> study this and draw your conclusions whether the whole exercise is
> worth it or not:
>
> https://www.usenix.org/conference/usenix-security-11/q-exploit-hardening-made-easy
>

Thanks for sharing this talk.
I didn't know that the program image in Linux is not randomized by ASLR.
What I understand from this talk:
I can probably take a lot of code out of glibc, but it will never be less than 20K, which lets an attacker who is able to jump to glibc construct his ROP program.

As I don't have much experience in security, my question would be:
Can we deploy another mechanism to fight this ROP program building from the program image?

Thanks,
Kfir