Comment by IAmLiterallyAB 9 hours ago

Yes but at best their "solution" is equally secure, not any better.

ordu 7 hours ago

They argue, and I tend to agree, that their solution is more secure.

1. It implies some function pointers to be writable temporarily, not all of them.
2. It doesn't hide writable pointers from a cursory glance not familiar with IFUNC.

anarazel 6 hours ago

The GOT has to be initially writable regardless of ifunc, even with relro, to apply relocations.

kstrauser 7 hours ago

Would xz still have been able to alter opensshd without IFUNC?

rwmj 3 hours ago

Yes, liblzma could have used multiple routes to take over sshd. Once you're running inside the process it's game over. The exact details, like how they used ifunc and an audit hook, are very interesting, but ultimately not that important.