On Thursday 09 February 2012 15:06:48 Scott Wood wrote:
> As for tftpload not having length bounds, that's the kind of thing that
> anyone trying to put together a secure loader would want to fix
> (assuming they're using tftpload in the first place)

which is my point -- u-boot is so completely open, throwing ASLR in there
makes no sense. there are plenty of ways to break the system.

> but if such a hole
> gets through, perhaps ASLR might make it more difficult to use that
> length overrun to take control of the system (versus simply crash it).

if you can overwrite any of u-boot, then i doubt this is that hard. this is
what NOP slides are very good at.

> >> It probably doesn't make sense as default behavior, but I could see it
> >> being useful in some situations.
> >
> > such as ?
>
> When you can solve issues such as entropy generation, and are limiting
> external exposure to interfaces that should be secure (but might have
> bugs). I can especially see people wanting this who are using hardware
> secure boot mechanisms (i.e. U-Boot itself was cryptographically verified).

this isn't an example of how ASLR would be useful
-mike
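The thread's concrete point is the missing length bound in tftpload: a loader that copies each received DATA block into its destination without checking the remaining room is exactly the overrun Scott describes. The block below is an added illustration, not code from this thread or from U-Boot, of how a loader's receive path can enforce that bound. All names (`tftp_sink`, `tftp_sink_store`, `LOAD_REGION_SIZE`) and the region size are hypothetical; the 512-byte block length is the classic RFC 1350 default. The checks use subtraction against the remaining capacity so the arithmetic cannot wrap, and they reject a block before anything is written rather than after.

```c
#include <assert.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed example: a fixed load region the loader writes into.
 * The sizes are illustrative, not U-Boot's real configuration. */
#define LOAD_REGION_SIZE  (8u * 1024u)   /* hypothetical destination size */
#define TFTP_BLOCK_SIZE   512u           /* classic RFC 1350 DATA block length */

static uint8_t load_region[LOAD_REGION_SIZE];

struct tftp_sink {
    uint8_t *base;       /* start of the destination buffer */
    size_t   capacity;   /* bytes available at base */
    size_t   written;    /* bytes stored so far */
    uint16_t next_block; /* block number expected next (RFC 1350 starts at 1) */
};

enum tftp_result {
    TFTP_OK = 0,
    TFTP_ERR_BLOCK_ORDER, /* duplicate or out-of-order block */
    TFTP_ERR_OVERSIZE,    /* block longer than the protocol allows */
    TFTP_ERR_NO_SPACE     /* would overrun the load region */
};

static void tftp_sink_init(struct tftp_sink *s, uint8_t *base, size_t capacity)
{
    s->base = base;
    s->capacity = capacity;
    s->written = 0;
    s->next_block = 1;
}

/* Store one DATA block. Every length check happens before memcpy, and the
 * free-space test is written as a subtraction so it cannot overflow. */
static enum tftp_result tftp_sink_store(struct tftp_sink *s, uint16_t block,
                                        const uint8_t *data, size_t len)
{
    if (block != s->next_block)
        return TFTP_ERR_BLOCK_ORDER;
    if (len > TFTP_BLOCK_SIZE)
        return TFTP_ERR_OVERSIZE;
    if (len > s->capacity - s->written)   /* remaining room, never wraps */
        return TFTP_ERR_NO_SPACE;

    memcpy(s->base + s->written, data, len);
    s->written += len;
    s->next_block++;                      /* 16-bit wrap matches the protocol */
    return TFTP_OK;
}

/* Drive the sink with a constructed transfer: 'blocks' full-size blocks
 * followed by one short block of 'tail' bytes (a short block ends a
 * transfer). Returns how many bytes actually landed in the region. */
static size_t run_constructed_transfer(struct tftp_sink *s, size_t blocks, size_t tail)
{
    uint8_t payload[TFTP_BLOCK_SIZE];
    memset(payload, 0xA5, sizeof payload);   /* constructed filler data */
    uint16_t blk = 1;
    for (size_t i = 0; i < blocks; i++, blk++)
        if (tftp_sink_store(s, blk, payload, TFTP_BLOCK_SIZE) != TFTP_OK)
            return s->written;               /* stop at the first rejected block */
    tftp_sink_store(s, blk, payload, tail);
    return s->written;
}

int main(void)
{
    struct tftp_sink s;
    tftp_sink_init(&s, load_region, LOAD_REGION_SIZE);
    /* 17 full blocks would need 8704 bytes; the 17th is refused and the
     * region holds exactly 8192 bytes. */
    assert(run_constructed_transfer(&s, 17, 0) == LOAD_REGION_SIZE);
    return 0;
}
```

The point of the sink structure is that the bound lives with the buffer, so every caller that feeds blocks in goes through the same check; a loader that instead trusts the block count or the file size announced by the peer has no such guarantee.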
_______________________________________________
U-Boot mailing list
U-Boot@lists.denx.de
http://lists.denx.de/mailman/listinfo/u-boot