On Fri, 17 Apr 2020 at 09:13, Shawn Webb <shawn.w...@hardenedbsd.org> wrote: > > Quick note: paxtest's algorithms for measuring ASLR was meant to test > ASLR, not FreeBSD's ASR implementation. Thus, paxtest results for > FreeBSD's ASR are moot.
paxtest's entropy estimate is superficial, and indeed can produce a more or less invalid result depending on the distribution of allocated objects. There are a number of other tools which perform a more rigorous or comprehensive analysis. paxtest is useful in providing basic indication of whether various things are randomized or not. _______________________________________________ freebsd-security@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"