On Thu, Oct 20, 2016 at 10:40:28AM +0200, Peter Janos wrote:
> Hello,
>
> http://news.softpedia.com/news/researchers-bypass-aslr-protection-on-intel-haswell-cpu-509460.shtml
>
> paper:
> http://www.cs.ucr.edu/~nael/pubs/micro16.pdf
>
> could we somehow prevent this attack on OpenBSD?
If you read the paper, you will notice that they only tested on Ubuntu and OSX, neither of which actually ship with ASLR enabled by default if I remember correctly.

The paper has no(!) references to OpenBSD, they never show any actual code, and it appears that this is a local exploit that seems to require that the victim and spy processes share the same virtual address space, meaning that ASLR isn't actually enabled.

Shawn Webb (HardenedBSD and trying to get ASLR into FreeBSD) has a preliminary writeup at https://gist.github.com/lattera/c785e7088118442f10addf8c6017c7d0 with a finished version due whenever he gets it done.

--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.