glibc is about to effectively turn off ASLR by default on x86_64 because some broken Intel chips are 3% slower. https://sourceware.org/ml/libc-alpha/2015-12/msg00221.html …
-
-
@RichFelker For local attacks on SUIDs, you're right that we need an exception where full ASLR would be enabled despite performance impact -
@solardiz I still think the default should always be full ASLR. Non-suid apps can then honor an env var to restrict to 32-bit space. -
@RichFelker I think you should post a follow-up suggesting at least the SUID exception. In fact, it's wrong to honor an env var in SUID.
End of conversation
New conversation -
-
-
@RichFelker Sure, but for remote attacks and eventual lockout (which we need upstreamed in the kernel), "32-bit" ASLR is better than nothing -
@solardiz Sure. And 32-bit ASLR protects well against one-chance things like user apps loading malicious files/sites. Just not other threats
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.