DragonFly submit List (threaded) for 2007-01
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]
Simon 'corecode' Schubert wrote:
No matter how close-to-impossible it is to craft a working exploit, technically it is still obcurity. Ofcourse I do agree with you that given a large enough address space, this is a very powerful tool to deter attackers (imagine groveling a 64bit virtual address space for the hole you're looking for, I'll prefer to do other things with my time; also, it's quite possible to construct an IDS which catches these grovelings real quick). The chance of the attacker finding the hole becomes so slim that, economically, it is not worth pursueing. However: this does not change the fact that *technically*, it still is obscuring.
P.S.
If you wish to do so, read the IRC backlog; I had this discussion with 'tigger^' already :).
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]
Re: patch to randomize mmap offsets
| From: | "Thomas E. Spanjaard" <tgen@xxxxxxxxxxxxx> |
| Date: | Tue, 16 Jan 2007 19:41:42 +0000 |
Simon 'corecode' Schubert wrote:
Thomas E. Spanjaard wrote:Ofcourse, the option wouldn't be enabled by default, but people who want security through obscurity can easily enable it at their leasure in their kernel config, and recompile :).it is not obscurity, but instead prevents the exploitation of any fixed memory offset in executables. it makes memory ordering basically so non-deterministic that it is close to impossible to craft a working exploit.
No matter how close-to-impossible it is to craft a working exploit, technically it is still obcurity. Ofcourse I do agree with you that given a large enough address space, this is a very powerful tool to deter attackers (imagine groveling a 64bit virtual address space for the hole you're looking for, I'll prefer to do other things with my time; also, it's quite possible to construct an IDS which catches these grovelings real quick). The chance of the attacker finding the hole becomes so slim that, economically, it is not worth pursueing. However: this does not change the fact that *technically*, it still is obscuring.
P.S.
If you wish to do so, read the IRC backlog; I had this discussion with 'tigger^' already :).
Cheers,
--
Thomas E. Spanjaard
tgen@netphreax.net
Attachment:
signature.asc
Description: OpenPGP digital signature
- Follow-Ups:
- Re: patch to randomize mmap offsets
- From: Matthew Dillon <dillon@apollo.backplane.com>
- Re: patch to randomize mmap offsets
- References:
- patch to randomize mmap offsets
- From: "Kevin L. Kane" <kevin.kane@gmail.com>
- Re: patch to randomize mmap offsets
- From: "Thomas E. Spanjaard" <tgen@netphreax.net>
- Re: patch to randomize mmap offsets
- From: "Simon 'corecode' Schubert" <corecode@fs.ei.tum.de>
- patch to randomize mmap offsets
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]