oss-sec mailing list archives
Re: Offset2lib: bypassing full ASLR on 64bit Linux
From: Daniel Micay <danielmicay () gmail com>
Date: Wed, 10 Dec 2014 13:51:12 -0500
On 10/12/14 01:20 PM, Daniel Micay wrote:
I expect that the same thing can be caused by making aligned allocations. If you make a 4M naturally aligned allocation via an API like posix_memalign, the allocator will probably mmap 4M + the maximum excess. If it unmaps the excess memory at the head/tail, then it will have wiped out 10 bits of entropy for future mmap allocations because the tail will always be at a 4M boundary.
(ofc this isn't limited to mmap, but it's a simple example)
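Added example (my own, not part of Daniel Micay's message or any allocator's code): a small C model of the over-map-then-trim strategy the post describes, showing that the next top-down mmap after a 4M-aligned allocation has the 10 page-granular address bits below the 4M boundary fixed. It assumes x86_64's 28 bits of mmap base randomisation and a deliberately simplified placement rule (each new mapping lands directly below the lowest existing one); the xorshift PRNG and the `vm_model` helper are constructed for the simulation.

```c
#include <stdint.h>

#define PAGE_SHIFT 12
#define PAGE ((uint64_t)1 << PAGE_SHIFT)
#define MMAP_RAND_BITS 28   /* x86_64: mmap base randomised over 28 page-granular bits */
#define TRIALS 512

/* Small deterministic xorshift PRNG so the simulation is reproducible (constructed). */
static uint64_t rng_state = 0x9E3779B97F4A7C15ull;
static uint64_t rng_next(void) {
    rng_state ^= rng_state << 13;
    rng_state ^= rng_state >> 7;
    rng_state ^= rng_state << 17;
    return rng_state;
}

/* Simplified top-down placement model (constructed, not the kernel's VMA
 * search): every new mapping goes directly below the lowest existing one. */
typedef struct { uint64_t lowest; } vm_model;

static uint64_t model_mmap(vm_model *vm, uint64_t len) {
    vm->lowest -= len;
    return vm->lowest;
}

/* Aligned allocation as described in the post: over-map by (align - PAGE),
 * round up to the boundary, unmap the head and tail excess. Once the head
 * is released, the lowest mapped address is the aligned start itself. */
static uint64_t model_memalign(vm_model *vm, uint64_t size, uint64_t align) {
    uint64_t raw = model_mmap(vm, size + align - PAGE);
    uint64_t start = (raw + align - 1) & ~(align - 1);
    vm->lowest = start;   /* head [raw, start) is unmapped */
    return start;
}

static int popcount64(uint64_t x) { int n = 0; for (; x; x &= x - 1) n++; return n; }

/* Number of randomised address bits that stay constant (i.e. are lost) for
 * the 1-page mapping created right after a 4M allocation aligned to `align`. */
int lost_entropy_bits(uint64_t align) {
    const uint64_t rand_mask = ((uint64_t)1 << (MMAP_RAND_BITS + PAGE_SHIFT)) - PAGE;
    uint64_t first = 0, varying = 0;
    for (int i = 0; i < TRIALS; i++) {
        vm_model vm = { ((uint64_t)0x7f << 40) | ((rng_next() << PAGE_SHIFT) & rand_mask) };
        model_memalign(&vm, (uint64_t)4 << 20, align);
        uint64_t next = model_mmap(&vm, PAGE);   /* the "future mmap" from the post */
        if (i == 0) first = next; else varying |= next ^ first;
    }
    return MMAP_RAND_BITS - popcount64(varying & rand_mask);
}
```

A page-aligned allocation fixes nothing, a 2M alignment fixes 9 bits and the 4M case from the post fixes 10; the loss is log2(align / PAGE) whatever the alignment.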