Re: #WorldPenguinDay or this cant be right, can it?

[Tavis Ormandy <taviso () cmpxchg8b com>]

PIN <zero () asac co> wrote:

> address space layout of a linux process.

It sounds like you're asking "If I can learn an address, have I defeated
ASLR", and the answer is usually yes. It depends on the circumstances of
course, but leaking any address to an attacker would usually be considered a
bug and renders ASLR essentially useless.

For example, if you can find some JavaScript that tells you the address of
an object on the heap or the base address of a module, that would be
considered a security bug. You don't usually run untrusted python, so
python's id() isn't a bug - but you do run untrusted JavaScript.

Tavis.


_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/