
On Thursday 09 February 2012 15:06:48 Scott Wood wrote:
> As for tftpload not having length bounds, that's the kind of thing that anyone trying to put together a secure loader would want to fix (assuming they're using tftpload in the first place)

which is my point -- u-boot is so completely open, throwing ASLR in there makes no sense. there are plenty of ways to break the system.

> but if such a hole gets through, perhaps ASLR might make it more difficult to use that length overrun to take control of the system (versus simply crash it).

if you can overwrite any of u-boot, then i doubt this is that hard. this is what NOP slides are very good at.

> It probably doesn't make sense as default behavior, but I could see it being useful in some situations.

such as?

> When you can solve issues such as entropy generation, and are limiting external exposure to interfaces that should be secure (but might have bugs). I can especially see people wanting this who are using hardware secure boot mechanisms (i.e. U-Boot itself was cryptographically verified).

this isn't an example of how ASLR would be useful
-mike