tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: kernel aslr: someone interested?

On Sat, Mar 25, 2017 at 10:17:21PM -0400, Mouse wrote:
> > [ASLR] is just one more check mark in the exploit building tool.
> Yes and no.
> It increases the work required to exploit any putative bugs.

Please read the constraints again. There are very few RCE against the
kernels. The normal and reasonable assumption is the ability to execute
local code. If you can execute local code, you can silently defeat
kernel ASLR. Silently in the sense that all it requires is less than one
hour of computation, but without otherwise doing suspicious activity.
It is not harder in any combinatorial sense, i.e. it is additive
overhead. That's quite different from the typical attack scenario for a


Home | Main Index | Thread Index | Old Index