On Thursday 09 February 2012 15:06:48 Scott Wood wrote:
> As for tftpload not having length bounds, that's the kind of thing that
> anyone trying to put together a secure loader would want to fix
> (assuming they're using tftpload in the first place)

which is my point -- u-boot is so completely open, throwing ASLR in there 
makes no sense.  there are plenty of ways to break the system.

> but if such a hole
> gets through, perhaps ASLR might make it more difficult to use that
> length overrun to take control of the system (versus simply crash it).

if you can overwrite any of u-boot, then i doubt this is that hard.  this is 
what NOP slides are very good at.

> >> It probably doesn't make sense as default behavior, but I could see it
> >> being useful in some situations.
> > 
> > such as ?
> 
> When you can solve issues such as entropy generation, and are limiting
> external exposure to interfaces that should be secure (but might have
> bugs).  I can especially see people wanting this who are using hardware
> secure boot mechanisms (i.e. U-Boot itself was cryptographically verified).

this isn't an example of how ASLR would be useful
-mike

_______________________________________________
U-Boot mailing list
U-Boot@lists.denx.de
http://lists.denx.de/mailman/listinfo/u-boot
