Full Disclosure: Re: "Advances in Security" in the Linux Kernel and RedHat idiocy

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Full Disclosure mailing list archives

Re: "Advances in Security" in the Linux Kernel and RedHat idiocy

From: Michal Zalewski <lcamtuf () ghettot org>
Date: Thu, 27 Jan 2005 20:37:19 +0100 (CET)

On Thu, 27 Jan 2005, Brad Spengler wrote:

I guess anyone who thinks that taking a hardcoded exploit and running it
256 times would always result in a successful exploit is stupid.


It would not always result in a successful exploitation; just as flipping
the coin twice is not a guarantee of getting tails once.

Other than that, the amount of randomization is indeed puny; but then,
even 32-bit randomization is a good defense only in certain situations,
and often, can be defeated with some time, aided by luck or a decent
NOP-equivalent sled.

-- 
------------------------- bash$ :(){ :|:&};: --
 Michal Zalewski * [http://lcamtuf.coredump.cx]
    Did you know that clones never use mirrors?
--------------------------- 2005-01-27 20:31 --

   http://lcamtuf.coredump.cx/photo/current/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

By Date By Thread

Current thread:

"Advances in Security" in the Linux Kernel and RedHat idiocy Brad Spengler (Jan 27)
- Re: "Advances in Security" in the Linux Kernel and RedHat idiocy Arjan van de Ven (Jan 27)
  - Re: "Advances in Security" in the Linux Kernel and RedHat idiocy Brad Spengler (Jan 27)
- Re: "Advances in Security" in the Linux Kernel and RedHat idiocy Michal Zalewski (Jan 27)
  - Re: "Advances in Security" in the Linux Kernel and RedHat idiocy Brad Spengler (Jan 28)