[38193] in bugtraq
Re: Is DEP easily evadable?
daemon@ATHENA.MIT.EDU (Ben Pfaff)
Thu Jan 13 15:12:20 2005
To: bugtraq@securityfocus.com
From: Ben Pfaff <blp@cs.stanford.edu>
Date: Thu, 13 Jan 2005 11:38:09 -0800
Message-ID: <878y6xp1b2.fsf@benpfaff.org>
Reply-To: blp@cs.stanford.edu
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Complaints-To: usenet@sea.gmane.org
John Richard Moser <nigelenki@comcast.net> writes:
> PaX does pretty nice randomization. I think 15/16 for heap and stack
> and 24 for mmap(), though I could be overshooting the 24. I'm on amd64
> so I can't just run paxtest and see; though I could read the source code.
In some fairly reasonable circumstances, this may not be enough.
I wonder whether the security community is generally aware of a
paper I co-authored on defeating PaX and address space
randomization in general on 32-bit systems, titled "On the
Effectiveness of Address Space Randomization". It was presented
at CCS 2004 and available on my webpage, among other places:
http://www.stanford.edu/~blp/papers/asrandom.pdf
--
"To prepare for the writing of Software,
the writer must first become one with it,
sometimes two."
--W. C. Carlson
