
ubuntu-phone team mailing list archive

Re: mapplauncher

On 2015-07-29 10:26 AM, Ted Gould wrote:
> On Wed, 2015-07-29 at 11:25 +0300, Alberto Mardegan wrote:
>> On 07/29/2015 07:07 AM, Tyler Hicks wrote:
>> > This stage is not sufficient since there is no exec() performed
>> > here. This removes the possibility of per-process address space
>> > layout randomization (ASLR). All processes on the system that were
>> > spawned by qml-booster will have the same memory layout, even if
>> > the program authors are trying to do the right thing by building
>> > with -fPIE.
>>
>> Can you elaborate a bit on the risks of not having ASLR? As I
>> understand it, since the process is confined, it still won't be able
>> to perform any action that a malicious application wouldn't be able to
>> do, right?
> 
> Yes, assuming that all of our interfaces and security profiles have no bugs,
> ASLR doesn't provide additional benefit. But that's not an assumption that I'm
> willing to make.
> 
> Security is provided by having layers like an onion. ASLR is one of those
> layers. Not having it doesn't make things insecure but it does make things less
> secure.
> 
> Personally, as a user, I wouldn't want it to be an option that app developers
> could disable.

ASLR isn't about protecting against malicious applications; it's to make
legitimate applications that contain a security bug harder to exploit. While the
application is still confined, whatever data is available to the legitimate
application can be compromised by the exploit.

Marc.
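As an added illustration (not code from this thread or from qml-booster), the following C program reproduces the point Tyler raises: a child created by fork() without exec() inherits the parent's already-randomized layout, so every sibling reports the same code address, while a child that exec()s a fresh PIE binary gets a layout of its own. It assumes Linux (/proc/self/exe), a build with `gcc -fPIE -pie`, and ASLR enabled; the `--probe` flag is a hypothetical one used only for the self-exec step.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

/* A code address: with -fPIE and ASLR on, it differs per exec()'d process. */
static unsigned long text_addr(void) { return (unsigned long)&text_addr; }
/* Spawn a child the fork-only way a booster does (do_exec == 0) or via a
 * fresh exec() of this binary (do_exec == 1); return the address it sees. */
static unsigned long spawn_and_probe(int do_exec) {
    int fd[2];
    char buf[32] = {0};
    if (pipe(fd) != 0) return 0;
    pid_t pid = fork();
    if (pid < 0) return 0;
    if (pid == 0) {                       /* child */
        close(fd[0]);
        if (do_exec) {                    /* the --probe branch of main() answers */
            dup2(fd[1], STDOUT_FILENO);
            execl("/proc/self/exe", "probe", "--probe", (char *)NULL);
        }
        /* write(2), not stdio: no buffered parent output is duplicated */
        int n = snprintf(buf, sizeof buf, "%lx\n", text_addr());
        if (write(fd[1], buf, (size_t)n) < 0) _exit(1);
        _exit(0);
    }
    close(fd[1]);
    ssize_t got = read(fd[0], buf, sizeof buf - 1);
    close(fd[0]);
    waitpid(pid, NULL, 0);
    return got > 0 ? strtoul(buf, NULL, 16) : 0;
}

/* 1 when all n forked children report the same address: the layout was
 * randomized once, in the booster, and every child merely inherited it. */
int forked_children_share_layout(int n) {
    unsigned long first = spawn_and_probe(0);
    for (int i = 1; i < n; i++)
        if (spawn_and_probe(0) != first) return 0;
    return first != 0;
}

int main(int argc, char **argv) {
    if (argc > 1 && !strcmp(argv[1], "--probe")) { printf("%lx\n", text_addr()); return 0; }
    printf("booster: %lx  forked children share it: %s  exec'd child: %lx\n",
           text_addr(), forked_children_share_layout(4) ? "yes" : "no",
           spawn_and_probe(1));
    return 0;
}
```

Run it a few times: the booster and its forked children always print one address, while the exec'd child's address changes between runs only when the binary is PIE and ASLR is on.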