funsec mailing list archives

Re: ASLR: Address Space Layout Randomization


From: "Fergie" <fergdawg () netzero net>
Date: Wed, 31 May 2006 18:56:53 GMT

Oh yeah -- one more thing: Some of the comments in the MSDN blog
article are hilarious. :-)

- ferg


-- "Fergie" <fergdawg () netzero net> wrote:

Has anyone looked at this in depth enough to explain this
to me in a paragraph? I think I pretty much "get it" but I was
wondering if anyone else had actually taken some time to
peruse this concept -- I'm not a code monkey. :-)

Although I have _no_intentions_ of running Microsoft Vista, I
ran across something today which mentioned that "...Microsoft
had fitted the Vista beta 2 version with a feature called ASLR
(Address Space Layout Randomization) that should help protect
Vista against automated cyber-attacks."

Now, that's a pretty hefty statement.

So, I go looking for info on this.

After reading these:

 http://blogs.msdn.com/michael_howard/archive/2006/05/26/608315.aspx
 http://pax.grsecurity.net/docs/aslr.txt

... I see that it is referencing address(es) and offset(s) of
executable binaries in (what I assume) is the Vista filesystem, no?

I think one of the first paragraphs on the [above referenced]
MSDN blog pretty much sums it up:

[snip]

"Windows Vista Beta 2 includes a new defense against buffer
overrun exploits called address space layout randomization.
Not only is it in Beta 2, it’s on by default too. Now before
I continue, I want to level set ASLR. It is not a panacea, it
is not a replacement for insecure code, but when used in
conjunction with other technologies, which I will explain
shortly, it is a useful defense because it makes Windows
systems look “different” to malware, making automated
attacks harder."

[snip]


Being a router jockey from way back I thought immediately about
"IP address space" when I saw "address space" only to find out
that this is not the case, in this particular instance.  :-)

Cheers,

- ferg

--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg () netzero net or fergdawg () sbcglobal net
 ferg's tech blog: http://fergdawg.blogspot.com/


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

