-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Ben Pfaff wrote: > John Richard Moser <nigelenki@xxxxxxxxxxx> writes: > > >>PaX does pretty nice randomization. I think 15/16 for heap and stack >>and 24 for mmap(), though I could be overshooting the 24. I'm on amd64 >>so I can't just run paxtest and see; though I could read the source code. > > > In some fairly reasonable circumstances, this may not be enough. > I wonder whether the security community is generally aware of a > paper I co-authored on defeating PaX and address space > randomization in general on 32-bit systems, titled "On the > Effectiveness of Address Space Randomization". It was presented > at CCS 2004 and available on my webpage, among other places: > http://www.stanford.edu/~blp/papers/asrandom.pdf Brad says he's seen it, and that at the time of that writing he'd already solved that problem. Apparently in grsecurity, once you've caused a program to segfault or get a PaX kill, it's flagged to delay all future forks by 30 seconds, or something like that. I don't know the exact details. - -- All content of all messages exchanged herein are left in the Public Domain, unless otherwise explicitly stated. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFB52D2hDd4aOud5P8RAgxVAJ9NMAhRPFwAyQ0gC9/SA8AD4NpwkQCgiCuM bNddcz3FHs0b41VNnHOezMk= =Khb9 -----END PGP SIGNATURE-----
