oss-sec mailing list archives

Re: Offset2lib: bypassing full ASLR on 64bit Linux


From: Daniel Micay <danielmicay () gmail com>
Date: Wed, 10 Dec 2014 13:51:12 -0500

On 10/12/14 01:20 PM, Daniel Micay wrote:

I expect that the same thing can be caused by making aligned
allocations. If you make a 4M naturally aligned allocation via an API
like posix_memalign, the allocator will probably mmap 4M + the maximum
excess. If it unmaps the excess memory at the head/tail, then it will
have wiped out 10 bits of entropy for future mmap allocations because
the tail will always be at a 4M boundary.

(ofc this isn't limited to mmap, but it's a simple example)
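A probe for the effect described above, added here as an example and not code from the post: it makes a 4M naturally aligned allocation with posix_memalign, keeps it live, and measures how aligned the end of the next mmap is. It assumes Linux on x86-64 with 4K pages; what it reports depends on which malloc the process links.

```c
#define _GNU_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>

#ifndef MAP_ANONYMOUS
#define MAP_ANONYMOUS 0x20 /* Linux value, in case strict feature macros hide it */
#endif
#define FOUR_MB (4UL << 20)
#define PAGE 4096UL /* assumes 4K pages, as on x86-64 Linux */

/* Count low-order zero bits: 12 for a plain page address, 22 for a 4M boundary. */
static int low_zero_bits(uintptr_t a) {
    int n = 0;
    while (n < 64 && !(a & 1)) { a >>= 1; n++; }
    return n;
}

/* Map one page and report how aligned its END is (Linux places mmaps top-down by
 * default, so the end of a new mapping is what abuts older ones). -1 on failure. */
static int probe_mmap_end_bits(void) {
    void *q = mmap(NULL, PAGE, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (q == MAP_FAILED) return -1;
    int bits = low_zero_bits((uintptr_t)q + PAGE);
    munmap(q, PAGE);
    return bits;
}

/* The scenario from the post: keep an `align`-byte naturally aligned allocation
 * live and see where the next mmap lands. About 12 is the normal page-random case;
 * 22 means the probe ends on a 4M boundary, i.e. the allocator trimmed the excess
 * of its mapping and 10 bits of mmap entropy are gone. Depends on the malloc in use. */
int mmap_bits_after_aligned_alloc(size_t align) {
    void *p = NULL;
    if (posix_memalign(&p, align, align) != 0) return -1;
    int bits = probe_mmap_end_bits();
    free(p);
    return bits;
}

int main(void) {
    printf("probe end bits before 4M aligned alloc: %d\n", probe_mmap_end_bits());
    printf("probe end bits after 4M aligned alloc:  %d\n", mmap_bits_after_aligned_alloc(FOUR_MB));
    return 0;
}
```

Run it under different allocators (e.g. glibc malloc versus one preloaded with LD_PRELOAD) to compare how each handles the excess of the aligned mapping.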
