I am not sure that many people with deep offensive experience would agree that fine-grained KASLR is a good solution here (but I've had this discussion many times in the past and am frankly tired that it keeps coming back).
Replying to @kees_cook
2/n: single-leak KASLR exposure reinforcing the need for Function-Granular KASLR. While KASLR adds an additional hurdle, a single exposure will fully bypass it. Gaining FGKASLR would strongly diminish the value of a single exposure. github.com/KSPP/linux/issues…
You may be happy to hear that ~10 years ago we did R&D on fine-grained randomization of images on Windows, but we chose not to move forward with it because we didn't think it would provide enough long-term value :) priorart.ip.com/IPCOM/000210…
Sorry to burst your bubble there :) but another 10y before your R&D the *very first* version of ASLR implemented per-mmap randomization (and had in fact been called ASR for a whole week maybe before I figured that it had enough bad side effects and went with ASLR ever since).

Nov 25, 2021 · 10:06 AM UTC
