Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [nmap-svn] r23266 - in nmap: . nselib scripts

From: Patrick Donnelly <batrick () batbytes com>
Date: Mon, 23 May 2011 20:10:19 -0400
On Mon, May 23, 2011 at 6:10 PM, Patrick Donnelly <batrick () batbytes com> wrote:

On Mon, May 23, 2011 at 6:05 PM, David Fifield <david () bamsoftware com> wrote:

This is a good idea, to centralize the seeding. But I'm a bit worried
that an attacker could observe the numbers produced by NSE, invert the
generator, and learn an address in Nmap's memory space to defeat ASLR.
Could we use for example get_random_uint from Nbase instead? That's
ultimately seeded by /dev/urandom.


We can switch to the get_random_uint from Nbase. It just needs a binding...


Fixed in r23269.

-- 
- Patrick Donnelly
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: