Dailydave mailing list archives
Re: ASLR+DEP = no problem. :>
From: Alexander Sotirov <alex () sotirov net>
Date: Thu, 4 Feb 2010 15:39:13 -0500
On Thu, Feb 04, 2010 at 08:06:33PM +0100, Thierry Zoller wrote:
>> now, after reading the paper let me know if it requires a 'fix' as you said, or a re-design/engineering and re-implementation of the JIT itself. ;)
>
> Does not compute either. By "fix" I obviously assumed "redesign/engineer" the JIT. The point was that ASLR/DEP is not dead because of an error in a JIT.

Are you making the claim that JIT spraying can be stopped by redesigning the JIT? How exactly would you redesign the JIT to avoid inserting bytes controlled by the attacker into the generated instruction stream?

Alex