On 2015-07-29 10:26 AM, Ted Gould wrote:
> On Wed, 2015-07-29 at 11:25 +0300, Alberto Mardegan wrote:
>> On 07/29/2015 07:07 AM, Tyler Hicks wrote:
>>> This stage is not sufficient since there is no exec() performed
>>> here. This removes the possibility of per-process address space
>>> layout randomization (ASLR). All processes on the system that were
>>> spawned by qml-booster will have the same memory layout, even if
>>> the program authors are trying to do the right thing by building
>>> with -fPIE.
>>
>> Can you elaborate a bit on the risks of not having ASLR? As I
>> understand it, since the process is confined, it still won't be able
>> to perform any action that a malicious application wouldn't be able to
>> do, right?
>
> Yes, assuming that all of our interfaces and security profiles have no bugs,
> ASLR doesn't provide additional benefit. But that's not an assumption that I'm
> willing to make.
>
> Security is provided by having layers like an onion. ASLR is one of those
> layers. Not having it doesn't make things insecure but it does make things
> less secure.
>
> Personally, as a user, I wouldn't want it to be an option that app developers
> could disable.
ASLR isn't about protecting against malicious applications; it's to make
legitimate applications that contain a security bug harder to exploit. While
the application is still confined, whatever data is available to the
legitimate application can be compromised by the exploit.

Marc.

-- 
Mailing list: https://launchpad.net/~ubuntu-phone
Post to     : ubuntu-phone@lists.launchpad.net
Unsubscribe : https://launchpad.net/~ubuntu-phone
More help   : https://help.launchpad.net/ListHelp
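The fork-without-exec point Tyler raises above, shown as an added C demonstration (not code from the thread or from qml-booster): a child created by fork() alone inherits the parent's exact heap, code and libc addresses, whereas a child that goes through exec() is randomised afresh. It assumes Linux with ASLR enabled; the self re-execution path uses /proc/self/exe and the "--report" argument, both chosen here, and the code-segment address only moves between exec'd children when the binary is built with -fPIE.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>
#include <unistd.h>
#include <sys/wait.h>

/* Three separately randomised regions: heap, this binary's code (moves only when built -fPIE), libc. */
struct layout { uintptr_t heap, text, libc; };
static void snapshot(struct layout *l) {
    void *p = malloc(16);
    l->heap = (uintptr_t)p; l->text = (uintptr_t)&snapshot; l->libc = (uintptr_t)&malloc;
    free(p);
}
/* Spawn one child and read its layout back over a pipe. with_exec == 0 is the fork-only booster
   pattern from the thread; with_exec == 1 re-executes this binary (self) with "--report". */
static int child_layout(int with_exec, const char *self, struct layout *out) {
    int fd[2];
    if (pipe(fd) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                       /* child: report its layout on fd 1 */
        close(fd[0]); dup2(fd[1], 1);
        if (with_exec) execl(self, self, "--report", (char *)NULL);
        else { snapshot(out); if (write(1, out, sizeof *out) == (ssize_t)sizeof *out) _exit(0); }
        _exit(1);
    }
    close(fd[1]);
    ssize_t n = read(fd[0], out, sizeof *out);
    close(fd[0]); waitpid(pid, NULL, 0);
    return n == (ssize_t)sizeof *out ? 0 : -1;
}
/* 1 if a fork-only child lands at exactly the parent's addresses, 0 otherwise, -1 on error. */
static int fork_only_child_shares_layout(void) {
    struct layout parent, child;
    snapshot(&parent);
    if (child_layout(0, NULL, &child) != 0) return -1;
    return memcmp(&parent, &child, sizeof parent) == 0;
}

int main(int argc, char **argv) {
    struct layout l, a, b;
    if (argc > 1 && strcmp(argv[1], "--report") == 0) {   /* exec'd child: report and quit */
        snapshot(&l); return write(1, &l, sizeof l) == (ssize_t)sizeof l ? 0 : 1;
    }
    printf("fork-only child shares parent's layout: %d\n", fork_only_child_shares_layout());
    if (child_layout(1, "/proc/self/exe", &a) == 0 && child_layout(1, "/proc/self/exe", &b) == 0)
        printf("two exec'd children got different layouts: %d\n", memcmp(&a, &b, sizeof a) != 0);
    return 0;
}
```

Build with `gcc -fPIE -pie` to see all three regions differ between the two exec'd children; without PIE the heap and libc still move but the code address stays fixed.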