Good evening Rogelio,

I think that ASLR bruteforce you are talking about is either the Phrack article or the ACM paper. In real-world applications, especially in network daemons, it would generate lots of noise. With the Linux kernel's logging <http://blog.eonsec.com/2007/12/segmentation-fault-logging.html> and Grsec's logging it should not get past any good admin's radar.
So it is not useless, but weak. However, a defense mechanism stacked over another will only help hamper the bad guys.

Ed
<http://blog.eonsec.com>

On Jan 16, 2008 5:26 PM, Rogelio Serrano <[EMAIL PROTECTED]> wrote:
> that's before the use of PIE "position independent executables". now
> pageexec is preferred. especially for cpus with the nx bit. 64 bit is
> the best for this. ASLR is useless in 32 bit. it can be brute forced
> in as little as 26 seconds.
>
> this can only be fixed after xorg is hit with a security cluestick and
> fixed xorg to not need /dev/mem. or you

_________________________________________________
Philippine Linux Users' Group (PLUG) Mailing List
[email protected] (#PLUG @ irc.free.net.ph)
Read the Guidelines: http://linux.org.ph/lists
Searchable Archives: http://archives.free.net.ph
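An added example, not part of the original message or of any project it mentions: a small detector for the "lots of noise" described above, flagging a program whose kernel segfault log lines pile up inside a short window. The syslog line layout, the 60-second window, the threshold of 5, and all sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed layout: syslog-wrapped kernel lines such as
#   "Jan 16 17:26:01 host kernel: httpd[4121]: segfault at <addr> rip <addr> ..."
# The register names after the fault address vary by kernel and are not parsed.
SEGV = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ kernel: (?:\[[\s\d.]+\] )?"
    r"(?P<comm>[^\[\s]+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) ")

def find_bursts(lines, threshold=5, window=timedelta(seconds=60), year=2008):
    """Return {comm: peak} for programs with >= threshold segfaults in one window."""
    recent = defaultdict(deque)   # comm -> crash timestamps still inside the window
    peak = defaultdict(int)       # comm -> largest crash count seen in one window
    for line in lines:
        m = SEGV.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year, so the caller supplies one.
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["comm"]]
        q.append(when)
        while when - q[0] > window:   # drop crashes that aged out of the window
            q.popleft()
        peak[m["comm"]] = max(peak[m["comm"]], len(q))
    return {comm: n for comm, n in peak.items() if n >= threshold}

# Constructed sample input (not real logs): children of a forking daemon crash
# once per second, followed by one unrelated crash and one unrelated log line.
SAMPLE = [
    f"Jan 16 17:26:{s:02d} web1 kernel: httpd[{4100 + s}]: segfault at "
    f"00000000bf8a1c40 rip 00000000bf8a1c40 rsp 00000000bf8a1b00 error 4"
    for s in range(26)
] + [
    "Jan 16 17:27:10 web1 kernel: xterm[990]: segfault at 0000000000000010 "
    "rip 00002b0e6d1f2a30 rsp 00007fff5a3c1e80 error 4",
    "Jan 16 17:27:11 web1 sshd[1200]: Accepted publickey for ed",
]

if __name__ == "__main__":
    for comm, n in find_bursts(SAMPLE).items():
        print(f"ALERT {comm}: {n} segfaults within 60s")
```

A single stray crash (the `xterm` line) stays below the threshold, while the repeated crashes of one daemon under many PIDs are reported.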

