We have moved to a new Sailfish OS Forum. Please start new discussions there.
1 | initial version | posted 2017-09-12 18:14:21 +0200 |
Is SailfishOS currently affected by the Blueborne attack on bluetooth? Linux is explicitly vulnerable. But it also states that ASLR provides a degree of protection.
ASLR seems to be in place on my J1 on 2.1.1.26:
[nemo@Sailfish ~]$ cat /proc/sys/kernel/randomize_va_space
2
This is good, it means ASLR enabled: "Full address space randomization. Contains the feature of value 1 in addition brk area is randomized.")
[nemo@Sailfish ~]$ file /usr/sbin/bluetoothd
/usr/sbin/bluetoothd: ELF 32-bit LSB shared object, ARM, EABI5 version 1…
This is also good: "shared object" instead of "executable", the latter would indicate it has position dependent code, and therefor no ASLR.
Does this indeed indicate sufficient protection for now?
Is SailfishOS currently affected by the Blueborne attack on bluetooth? Linux is explicitly vulnerable. But it also states that ASLR provides a degree of protection.
ASLR seems to be in place on my J1 on 2.1.1.26:
[nemo@Sailfish ~]$ cat /proc/sys/kernel/randomize_va_space
2
This is good, it means ASLR enabled: "Full address space randomization. Contains the feature of value 1 in addition brk area is randomized.")
[nemo@Sailfish ~]$ file /usr/sbin/bluetoothd
/usr/sbin/bluetoothd: ELF 32-bit LSB shared object, ARM, EABI5 version 1…
This is also good: "shared object" instead of "executable", the latter would indicate it has position dependent code, and therefor no ASLR.
Does this indeed indicate sufficient protection for now?