Re: [Full-Disclosure] "Advances in Security" in the Linux Kernel and RedHat idiocy

From: Michal Zalewski (lcamtuf_at_ghettot.org)
Date: 01/27/05

    Date: Thu, 27 Jan 2005 20:37:19 +0100 (CET)
    To: Brad Spengler <spender@grsecurity.net>
    
    

    On Thu, 27 Jan 2005, Brad Spengler wrote:

    > I guess anyone who thinks that taking a hardcoded exploit and running it
    > 256 times would always result in a successful exploit is stupid.

    It would not always result in a successful exploitation; just as flipping
    the coin twice is not a guarantee of getting tails once.

    Other than that, the amount of randomization is indeed puny; but then,
    even 32-bit randomization is a good defense only in certain situations,
    and often, can be defeated with some time, aided by luck or a decent
    NOP-equivalent sled.

    -- 
    ------------------------- bash$ :(){ :|:&};: --
     Michal Zalewski * [http://lcamtuf.coredump.cx]
        Did you know that clones never use mirrors?
    --------------------------- 2005-01-27 20:31 --
       http://lcamtuf.coredump.cx/photo/current/
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
    
