[Full-disclosure] Hikaru
twiz
twiz at email.it
Sun Dec 23 00:01:22 GMT 2007
> 10 pts to the first person using this approach to dlopen for full
> arbitrary execution :)
>
> so which is more useful in practice, NX or ASLR?
NX + ASLR + PIE/RANDEXEC ;)
[oh well, someone could argue, not having bug at all.]
BTW, I don't like the statement in the paper which basically considers the
efforts into the deployment of "W^X approaches" a consequence of
understimating ret-into-* (libc/text/code chunks/gadgets) attacks.
W^X just addresses different problems.
PIE and RANDEXEC are the real opponents to those attacks
and it's a bit bad that they are not mentioned at all in the paper.
- twiz
Full-Disclosure is hosted and sponsored by Secunia.