BugTraq
Is DEP easily evadable? Jan 12 2005 07:32PM
John Richard Moser (nigelenki comcast net) (1 replies)
Re: Is DEP easily evadable? Jan 13 2005 10:11AM
Florian Weimer (fw deneb enyo de) (1 replies)
Re: Is DEP easily evadable? Jan 13 2005 06:40PM
John Richard Moser (nigelenki comcast net) (1 replies)
Re: Is DEP easily evadable? Jan 13 2005 07:38PM
Ben Pfaff (blp cs stanford edu) (1 replies)
John Richard Moser <nigelenki (at) comcast (dot) net [email concealed]> writes:

> PaX does pretty nice randomization. I think 15/16 for heap and stack
> and 24 for mmap(), though I could be overshooting the 24. I'm on amd64
> so I can't just run paxtest and see; though I could read the source code.

In some fairly reasonable circumstances, this may not be enough.
I wonder whether the security community is generally aware of a
paper I co-authored on defeating PaX and address space
randomization in general on 32-bit systems, titled "On the
Effectiveness of Address Space Randomization". It was presented
at CCS 2004 and available on my webpage, among other places:
http://www.stanford.edu/~blp/papers/asrandom.pdf
--
"To prepare for the writing of Software,
the writer must first become one with it,
sometimes two."
--W. C. Carlson

[ reply ]
Re: Is DEP easily evadable? Jan 14 2005 06:04AM
John Richard Moser (nigelenki comcast net) (1 replies)
Re: Is DEP easily evadable? Jan 14 2005 06:21AM
Ben Pfaff (blp cs stanford edu)


 

Privacy Statement
Copyright 2010, SecurityFocus