Bugtraq mailing list archives
Re: Is DEP easily evadable?
From: Ben Pfaff <blp () cs stanford edu>
Date: Thu, 13 Jan 2005 11:38:09 -0800
John Richard Moser <nigelenki () comcast net> writes:
PaX does pretty nice randomization. I think 15/16 for heap and stack and 24 for mmap(), though I could be overshooting the 24. I'm on amd64 so I can't just run paxtest and see; though I could read the source code.
In some fairly reasonable circumstances, this may not be enough. I wonder whether the security community is generally aware of a paper I co-authored on defeating PaX and address space randomization in general on 32-bit systems, titled "On the Effectiveness of Address Space Randomization". It was presented at CCS 2004 and available on my webpage, among other places: http://www.stanford.edu/~blp/papers/asrandom.pdf -- "To prepare for the writing of Software, the writer must first become one with it, sometimes two." --W. C. Carlson
Current thread:
- Is DEP easily evadable? John Richard Moser (Jan 12)
- Re: Is DEP easily evadable? Florian Weimer (Jan 13)
- Re: Is DEP easily evadable? John Richard Moser (Jan 13)
- Re: Is DEP easily evadable? Ben Pfaff (Jan 13)
- Re: Is DEP easily evadable? John Richard Moser (Jan 14)
- Re: Is DEP easily evadable? Ben Pfaff (Jan 14)
- Re: Is DEP easily evadable? John Richard Moser (Jan 13)
- Re: Is DEP easily evadable? Florian Weimer (Jan 13)