Nmap Development mailing list archives
Re: [nmap-svn] r23266 - in nmap: . nselib scripts
From: Patrick Donnelly <batrick () batbytes com>
Date: Mon, 23 May 2011 18:10:57 -0400
On Mon, May 23, 2011 at 6:05 PM, David Fifield <david () bamsoftware com> wrote:
This is a good idea, to centralize the seeding. But I'm a bit worried that an attacker could observe the numbers produced by NSE, invert the generator, and learn an address in Nmap's memory space to defeat ASLR. Could we use for example get_random_uint from Nbase instead? That's ultimately seeded by /dev/urandom.
We can switch to the get_random_uint from Nbase. It just needs a binding... -- - Patrick Donnelly _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: [nmap-svn] r23266 - in nmap: . nselib scripts David Fifield (May 23)
- Re: [nmap-svn] r23266 - in nmap: . nselib scripts Patrick Donnelly (May 23)
- Re: [nmap-svn] r23266 - in nmap: . nselib scripts Patrick Donnelly (May 23)
- Re: [nmap-svn] r23266 - in nmap: . nselib scripts Patrick Donnelly (May 23)