patch to randomize mmap offsets

Thomas E. Spanjaard tgen at netphreax.net
Tue Jan 16 11:43:19 PST 2007


Simon 'corecode' Schubert wrote:
Thomas E. Spanjaard wrote:
Ofcourse, the option wouldn't be enabled by 
default, but people who want security through obscurity can easily 
enable it at their leasure in their kernel config, and recompile :).
it is not obscurity, but instead prevents the exploitation of any fixed 
memory offset in executables.  it makes memory ordering basically so 
non-deterministic that it is close to impossible to craft a working 
exploit.
No matter how close-to-impossible it is to craft a working exploit, 
technically it is still obcurity. Ofcourse I do agree with you that 
given a large enough address space, this is a very powerful tool to 
deter attackers (imagine groveling a 64bit virtual address space for the 
hole you're looking for, I'll prefer to do other things with my time; 
also, it's quite possible to construct an IDS which catches these 
grovelings real quick). The chance of the attacker finding the hole 
becomes so slim that, economically, it is not worth pursueing. However: 
this does not change the fact that *technically*, it still is obscuring.

P.S.
If you wish to do so, read the IRC backlog; I had this discussion with 
'tigger^' already :).

Cheers,
--
        Thomas E. Spanjaard
        tgen at netphreax.net
Attachment:
signature.asc
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pgp00006.pgp
Type: application/octet-stream
Size: 186 bytes
Desc: "Description: OpenPGP digital signature"
URL: <http://lists.dragonflybsd.org/pipermail/submit/attachments/20070116/8d7c66c3/attachment-0019.obj>


More information about the Submit mailing list