Re: ASLR

From: Domagoj Stolfa <domagoj.stolfa_at_gmail.com>
Date: Wed, 25 Jan 2017 00:34:06 +0100
Hello,

> For better or worse the term ASLR is today in common use to refer to a
> number of different approaches. Using what has become a generic term
> allows the implementation to change in the future, without changing
> the interface (e.g. sysctls, userland tools, etc.).

If I'm not mistaken, ASR is the approach that was first taken by the PaX team in
an attempt to randomize mmaps. It later evolved into ASLR, however I do agree
that one should call this ASLR for compatibility reasons in the future.

> I wish there was a concise, technical comparison of the approaches
> implemented by different operating systems, but I've unfortunately not
> found one.

FWIW, ASLR is just a workaround and has it's weaknesses[1], but is a workaround
I would like to see implemented in FreeBSD, be it ASLR or ASR, until a proper
solution comes along.

[1] https://www.blackhat.com/docs/asia-16/materials/asia-16-Marco-Gisbert-Exploiting-Linux-And-PaX-ASLRS-Weaknesses-On-32-And-64-Bit-Systems-wp.pdf

-- 
Best regards,
Domagoj Stolfa

Received on Tue Jan 24 2017 - 22:34:18 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:41:09 UTC