oss-sec mailing list archives
Re: ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch
From: Simon McVittie <smcv () debian org>
Date: Mon, 8 Jul 2024 20:05:13 +0100
On Mon, 08 Jul 2024 at 12:37:08 -0400, Will Dormann wrote:
- Modern (e.g. 6.x kernel) x86 platforms load a large-enough libc at the same address every time. (i.e. no practical ASLR -- "ASLRn't")
To be more clear about this, when you said "x86" in that message, did you
mean a purely 32-bit x86 system (also known as IA32, i386 or similar),
with a 32-bit kernel and 32-bit user-space?
Or did you mean the whole 32- and 64-bit CPU family, including the purely
32-bit systems described above, but also x86_64?
Based on how you contrasted "x86 systems" vs. x86_64 kernels running
various user-space processes, I think (I hope!) you are using x86 to mean
the 32-bit architecture specifically, similar to how the Meson build
system uses the term; but some writers, projects and APIs say "x86" as
an umbrella term that includes both 32- and 64-bit flavours, the same
way you might talk about "ARM" and intend that to include 64-bit ARMv8.
So I think it would be useful to clarify which you meant.
smcv
Current thread:
- ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch Will Dormann (Jul 08)
- Re: ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch Florian Weimer (Jul 08)
- Re: ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch Will Dormann (Jul 08)
- Re: ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch David A. Wheeler (Jul 08)
- Re: ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch Florian Weimer (Jul 08)
- Re: ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch Simon McVittie (Jul 08)
- Re: ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch Will Dormann (Jul 08)
- Re: ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch Yves-Alexis Perez (Jul 10)
- Re: ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch Will Dormann (Jul 10)
- Re: ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch Yves-Alexis Perez (Jul 11)
- Re: ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch Yves-Alexis Perez (Jul 11)
- Re: ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch Will Dormann (Jul 10)
- Re: ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch Steffen Nurpmeso (Jul 10)
- Re: ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch David A. Wheeler (Jul 11)
- Re: ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch Steffen Nurpmeso (Jul 12)
- Re: ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch Jacob Bachmeyer (Jul 13)
- Re: ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch Steffen Nurpmeso (Jul 13)
- Re: ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch Florian Weimer (Jul 08)