| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <df8ba96d0605260012k18e5a874lc51cfcbeae7277eb@mail.gmail.com> Date: Fri, 26 May 2006 08:12:41 +0100 From: c0ntex <c0ntexb@...il.com> To: "David Litchfield" <davidl@...software.com> Cc: full-disclosure@...ts.grok.org.uk, ntbugtraq@...tserv.ntbugtraq.com, bugtraq@...urityfocus.com Subject: Re: ASLR now built into Vista On 26/05/06, David Litchfield <davidl@...software.com> wrote: > Address Space Layout Randomization is now part of Vista as of beta 2 [1] . I > wrote about ASLR on the Windows platform back in September last year [2] and > noted that unless you rebase the image exe then little (not none!) is added. > ASLR in Vista solves this so remote exploitation of overflows has just got a > lot harder. I've not done a thorough analysis yet but, all going well, this > is a fantastic way for Microsoft to go and builds on the work done with > NX/DEP and stack cookies/canaries. Since ASLR has been in and has been trivially circumvented in Linux for years now (see my papers on return-to-libc & return-to-got) I don't see it being a particularly hard issue to defeat :-) Maybe though, if they also randomise some other key areas like heap locations and do some fancy relocation to non writable/executable pages plus the drop-in of some ascii armour, we might then be on par with a hardened Linux or *BSD.. Granted, I haven't looked at Vista yet :) -- regards c0ntex _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists