On 26/05/06, David Litchfield <davidl@xxxxxxxxxxxxxxx> wrote:
Address Space Layout Randomization is now part of Vista as of beta 2 [1] . I wrote about ASLR on the Windows platform back in September last year [2] and noted that unless you rebase the image exe then little (not none!) is added. ASLR in Vista solves this so remote exploitation of overflows has just got a lot harder. I've not done a thorough analysis yet but, all going well, this is a fantastic way for Microsoft to go and builds on the work done with NX/DEP and stack cookies/canaries.
Since ASLR has been in and has been trivially circumvented in Linux for years now (see my papers on return-to-libc & return-to-got) I don't see it being a particularly hard issue to defeat :-) Maybe though, if they also randomise some other key areas like heap locations and do some fancy relocation to non writable/executable pages plus the drop-in of some ascii armour, we might then be on par with a hardened Linux or *BSD.. Granted, I haven't looked at Vista yet :) -- regards c0ntex
