Post by ***@rlgsc.com...
Linux suffers from having a monolithic and fully privileged kernel
address space in the same way as VMS but it also has features that VMS
doesn't which make it more secure. At one level, it has KASLR, and at
the other end of the scale it has full mandatory access control
capabilities in the form of SELinux. It also has other security and
isolation features that VMS does not...
The real efficacy of ASLR depends upon the entropy of the
randomization. Brute force script attacks are prevented effectively,
but if the entropy is not high, one can simply keep trying by brute
force.
Ayup. If the apps are stuck in 32-bit (P0/P1) space, there's less
entropy available as the apps and dependencies increase in size.
With code in 64-bit (P2) space (compile 64-bit, and then LINK
/SEGMENT_ATTRIBUTE=mumblefratz), the available address space
randomization is larger.
Reordering the dependent image activation can be an option for
increasing the available entropy even within 32-bit (P0/P1) space,
among other discussions.
An alternative to ASLR and KASLR is pointer authentication, and that
mechanism is starting to see production deployments:
https://www.qualcomm.com/media/documents/files/whitepaper-pointer-authentication-on-armv8-3.pdf
https://support.apple.com/guide/security/pointer-authentication-codes-seca5759bf02/1/web/1
https://pointer-authentication.github.io
There's also the somewhat simpler approach of pointer tagging:
https://www.microsoft.com/en-us/research/uploads/prod/2019/07/Pointer-Tagging-for-Memory-Safety.pdf
The goal here of ASLR/KASLR or pointer authentication or pointer
tagging is to get the attacker to expose their efforts with app or
system crashes, as part of efforts to reduce the risks around assuming
developers write perfect code.
But before I'd expect to see pointer authentication or pointer tagging
or ASLR/KASLR, there is likely other security-related work pending at
VSI. This work might well include work on sandboxes, app signing,
telemetry, logging (including system and app crashes, and attempted
security exploits leading to run-time errors), integration of SSL and
certificates, modern password hashes, wider use of encryption, fuzzing,
dragging more apps and tooling and APIs forward into 64-bit addressing,
etc. This as most attackers will bypass the most robust defenses, if
there exist easier alternative exploits. And there's the work on the
x86-64 port, which has priority over most.
--
Pure Personal Opinion | HoffmanLabs LLC
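A small added model (not from the thread, and not VMS code) of two points made above: how the entropy behind ASLR bounds a guess-by-crash campaign, and why the crashes that campaign leaves belong in the crash logging and telemetry mentioned at the end. The entropy sizes, node and image names, and log line format are constructed for the example.

```python
import random

def expected_guesses(entropy_bits: int, rerandomize: bool) -> float:
    """Expected guesses to land on a base address drawn from 2^k slots.
    rerandomize=True : layout re-drawn on every restart, each guess is an
                       independent 1/2^k shot -> mean 2^k.
    rerandomize=False: layout survives restarts (e.g. workers forked from
                       one parent), enumerate without repeats -> (2^k+1)/2.
    Either way, failed guesses equal crashes the defender can count."""
    n = 1 << entropy_bits
    return float(n) if rerandomize else (n + 1) / 2

def simulate_campaign(entropy_bits: int, rerandomize: bool, seed: int) -> int:
    """Return how many crashes (wrong guesses) precede the first hit."""
    rng = random.Random(seed)
    n = 1 << entropy_bits
    if rerandomize:
        guess = rng.randrange(n)          # a fixed guess is as good as any
        crashes = 0
        while rng.randrange(n) != guess:  # each restart draws a new layout
            crashes += 1
        return crashes
    target = rng.randrange(n)             # fixed layout: enumerate the slots
    order = list(range(n))
    rng.shuffle(order)
    return order.index(target)

# Constructed sample of a per-node crash log: "<node> <image> <pid>".
SAMPLE_CRASHES = [
    "node1 SYS$SYSTEM:WEBSRV.EXE 2041",
    "node1 SYS$SYSTEM:WEBSRV.EXE 2042",
    "node2 SYS$SYSTEM:EDITOR.EXE 311",
    "node1 SYS$SYSTEM:WEBSRV.EXE 2043",
    "node1 SYS$SYSTEM:WEBSRV.EXE 2044",
]

def flag_crash_storms(crash_log, threshold: int):
    """Return (node, image) pairs whose crash count reaches the threshold.
    A burst of crashes of one image is the trace a guessing campaign
    against a randomized layout leaves behind."""
    counts = {}
    for line in crash_log:
        node, image, _pid = line.split()
        counts[(node, image)] = counts.get((node, image), 0) + 1
    return sorted(key for key, c in counts.items() if c >= threshold)

if __name__ == "__main__":
    for bits in (8, 16, 28):              # illustrative entropy budgets only
        print(bits, expected_guesses(bits, False), expected_guesses(bits, True))
    print(flag_crash_storms(SAMPLE_CRASHES, threshold=3))
```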