funsec mailing list archives
ASLR: Address Space Layout Randomization
From: "Fergie" <fergdawg () netzero net>
Date: Wed, 31 May 2006 18:45:47 GMT
Has anyone looked at this in depth enough to explain this to me a paragraph? I think I pretty much "get it" but I was wondering if anyone else had actually taken some time to peruse this concept -- I'm not a code monkey. :-) ALthough I have _no_intentions_ of running Microsoft Vista, I ran across something today which mentioned that "...Microsoft had fitted the Vista beta 2 version with a feature called ASLR (Address Space Layout Randomization) that should help protect Vista against automated cyber-attacks." Now, that's a pretty hefty statement. So, I go looking for info on this. After reading these: http://blogs.msdn.com/michael_howard/archive/2006/05/26/608315.aspx http://pax.grsecurity.net/docs/aslr.txt ... I see that it is referencing address(es) and offset(s) of executable binaries in (what I assume) is the Vista filesystem, no? I think one fo the first paragraphs on the [above referenced] MSDN blog pretty much sums it up: [snip] "Windows Vista Beta 2 includes a new defense against buffer overrun exploits called address space layout randomization. Not only is it in Beta 2, its on by default too. Now before I continue, I want to level set ASLR. It is not a panacea, it is not a replacement for insecure code, but when used in conjunction with other technologies, which I will explain shortly, it is a useful defense because it makes Windows systems look different to malware, making automated attacks harder." [snip] Being a router jockey from way back I thought immediately about "IP address space" when I saw "address space" only to find out that this is not the case, in this particular instance. :-) Cheers, - ferg -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg () netzero net or fergdawg () sbcglobal net ferg's tech blog: http://fergdawg.blogspot.com/ _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- ASLR: Address Space Layout Randomization Fergie (May 31)
- Re: ASLR: Address Space Layout Randomization Drsolly (May 31)
- Re: ASLR: Address Space Layout Randomization Valdis . Kletnieks (May 31)
- Re: ASLR: Address Space Layout Randomization Peter Kosinar (May 31)
- Re: ASLR: Address Space Layout Randomization Alexander Sotirov (May 31)
- <Possible follow-ups>
- Re: ASLR: Address Space Layout Randomization Fergie (May 31)
- Re: ASLR: Address Space Layout Randomization Drsolly (May 31)