Re: [RFC PATCH] Randomization of address chosen by mmap.

From: lazytyped
Date: Tue Feb 27 2018 - 16:31:47 EST




On 2/27/18 9:52 PM, Kees Cook wrote:
> I'd like more details on the threat model here; if it's just a matter
> of .so loading order, I wonder if load order randomization would get a
> comparable level of uncertainty without the memory fragmentation,

This also seems to assume that leaking the address of one single library
isn't enough to mount a ROP attack to either gain enough privileges or
generate a primitive that can leak further information. Is this really
the case? Do you have some further data around this?


      - twiz