lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <mpro.nnnitv01yjurg0kca.taviso@cmpxchg8b.com>
Date: Thu, 30 Apr 2015 20:25:07 -0700
From: Tavis Ormandy <taviso@...xchg8b.com>
To: fulldisclosure@...lists.org
Subject: Re: [FD] #WorldPenguinDay or this cant be right, can it?

PIN <zero@...c.co> wrote:

> address space layout of a linux process.

It sounds like you're asking "If I can learn an address, have I defeated
ASLR", and the answer is usually yes. It depends on the circumstances of
course, but leaking any address to an attacker would usually be considered a
bug and renders ASLR essentially useless.

For example, if you can find some JavaScript that tells you the address of
an object on the heap or the base address of a module, that would be
considered a security bug. You don't usually run untrusted python, so
python's id() isn't a bug - but you do run untrusted JavaScript.

Tavis.


_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ