On Mon, 22 Dec 2014, Andy Lutomirski wrote: > a. With PIE executables, the offset from the executable to the > libraries is constant. This is unfortunate when your threat model > allows you to learn the executable base address and all your gadgets > are in shared libraries.
When I was originally pushing PIE executable randomization, I have been thinking about ways to solve this. In theory, we could start playing games with load_addr in load_elf_interp() and randomizing it completely independently from mmap() base randomization, but the question is whether it's really worth the hassle and binfmt_elf code complication. I am not convinced. -- Jiri Kosina SUSE Labs -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
