lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <878y6xp1b2.fsf__7366.0546834164$1105648885$gmane$org@benpfaff.org>
Date: Thu, 13 Jan 2005 11:38:09 -0800
From: Ben Pfaff <blp@...stanford.edu>
To: bugtraq@...urityfocus.com
Subject: Re: Is DEP easily evadable?


John Richard Moser <nigelenki@...cast.net> writes:

> PaX does pretty nice randomization.  I think 15/16 for heap and stack
> and 24 for mmap(), though I could be overshooting the 24.  I'm on amd64
> so I can't just run paxtest and see; though I could read the source code.

In some fairly reasonable circumstances, this may not be enough.
I wonder whether the security community is generally aware of a
paper I co-authored on defeating PaX and address space
randomization in general on 32-bit systems, titled "On the
Effectiveness of Address Space Randomization".  It was presented
at CCS 2004 and available on my webpage, among other places:
        http://www.stanford.edu/~blp/papers/asrandom.pdf
-- 
"To prepare for the writing of Software,
 the writer must first become one with it,
 sometimes two."
--W. C. Carlson

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ