Has anyone looked at implementing some of the build configuration changes mentioned in CITL's study Linux MIPS - A soft target: past, present, and future?
The study looks at how most MIPS based Linux implementations do not properly do DEP and ASLR.
jeff@deb-devel:~/devel/openwrt$ git log --pretty=oneline --grep ASLR
4dfa6b7a30 build: fix ASLR for LTO packages
89b59994eb build: ASLR hardening use $(FPIC)
cde4f9008a lantiq: ltq-adsl: deactivate ASLR support
45ae5c2de3 lantiq: Deactivate ASLR support for some applications
df0bd42fde build: add hardened builds with PIE (ASLR) support
I recall some discussion on the mailing list as well.
Yep, back in February, 2019 -- concerns about its effectiveness at all, as well as image size. MIPS devices, unfortunately, are generally the ones that are under-resourced. There was more, but I can't find it right now.
1 Like