theo wrote:

> That interpretation is wrong.

Could be, I'm no genius :)

> You don't understand fork+exec.

Wha?

> There is no decision to stop using an address space after failure. Instead,
> address spaces are intentionally split ahead of time to ensure a
> specific pointer value is only valid in one process image. Other
> similar load-images have unique layouts with unique pointer values.
> So when failure happens, there is no other context where crash-learned
> information can be reapplied in a non-crashed process image with the
> same mapping.

Uhm, how do I put this... In the old model, if an attack causes a
specific child to crash, and it has been created using a simple fork,
the parent, and all other children -- past, present, and future -- will
*continue to use* the address space{, layout} that is common to them all.

In the new situation, children do an exec immediately, before
interacting with the peer. Hence, the addr space gets randomized, and it
will not be like the parent's, or like that of any other children (given
sufficient entropy). Hence, repeating the same attack will most likely
fail.

What is the part that I don't understand?

> Don't change my words.

Sorry, didn't mean to. It was a mere suggestion.

> It is over your head. Or learn to read. Or learn to not reply before
> you think.

Criticism is welcome. Unwarranted preconceptions are not.
(hmm, now what makes a preconception 'unwarranted'...?)

--schaafuit.
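The difference the two posters are arguing about (a plain fork() child sharing the parent's layout, versus a fork()+exec() child getting its own) can be observed directly. The following is an added illustration, not code from either poster or from any project discussed in the thread. It assumes a Unix-like system with ASLR enabled and uses the address of libc's malloc, as resolved in each process, as a stand-in for "this process image's layout": a forked child reports the same address as its parent, while a child that has exec'd a fresh Python interpreter reports a different one.

```python
import ctypes
import os
import subprocess
import sys


def libc_symbol_address() -> int:
    """Address of libc's malloc as seen by the calling process.

    With ASLR the shared-library base is chosen per exec'd image, so this
    value is a convenient proxy for the layout of the current address space.
    """
    libc = ctypes.CDLL(None)  # handle to the already-loaded global symbols
    return ctypes.cast(libc.malloc, ctypes.c_void_p).value


def address_in_forked_child() -> int:
    """Plain fork(): the child inherits the parent's mappings unchanged."""
    read_end, write_end = os.pipe()
    pid = os.fork()
    if pid == 0:
        # Child: report our view of the layout back to the parent and leave
        # without running interpreter teardown (os._exit, not sys.exit).
        os.close(read_end)
        os.write(write_end, str(libc_symbol_address()).encode())
        os._exit(0)
    os.close(write_end)
    data = b""
    while True:
        chunk = os.read(read_end, 64)
        if not chunk:
            break
        data += chunk
    os.close(read_end)
    os.waitpid(pid, 0)
    return int(data)


def address_in_exec_child() -> int:
    """fork()+exec(): the child is a freshly loaded image with its own layout.

    subprocess.run performs the fork and exec for us; the child is a new
    Python interpreter that resolves malloc in its own address space.
    """
    code = ("import ctypes; "
            "print(ctypes.cast(ctypes.CDLL(None).malloc, ctypes.c_void_p).value)")
    result = subprocess.run([sys.executable, "-c", code],
                            check=True, capture_output=True, text=True)
    return int(result.stdout.strip())


def layout_shared_after_fork() -> bool:
    """True: a crash-learned address in one forked child is valid in the others."""
    return address_in_forked_child() == libc_symbol_address()


def layout_shared_after_fork_exec() -> bool:
    """False on a system with ASLR: the re-exec'd child has a different layout."""
    return address_in_exec_child() == libc_symbol_address()


if __name__ == "__main__":
    print("parent malloc        :", hex(libc_symbol_address()))
    print("fork() child malloc  :", hex(address_in_forked_child()))
    print("fork+exec child malloc:", hex(address_in_exec_child()))
    print("layout shared after fork      :", layout_shared_after_fork())
    print("layout shared after fork+exec :", layout_shared_after_fork_exec())
```

Run it a few times: the fork() child's address never moves relative to the parent, while the exec'd child's address changes from run to run. That is exactly the property the thread is discussing, since any address a crashing child reveals is only reusable against siblings that share its mapping; if ASLR is disabled on the host, the second comparison will come out True as well, which is itself a useful check to run on a build or deployment machine.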
> You don't understand fork+exec. Wha? > There > is no decision to stop using an address space after failure. Instead, > address spaces are intentionally split ahead of time to ensure a > specific pointer value is only valid in one process image. Other > similar load-images have unique layouts with unique pointer values. > So when failure happens, there is no other context where crash-learned > information can be reapplied in a non-crashed process image with the > same mapping. Uhm, how do I put this... In the old model, if an attack causes a specific child to crash, and it has been created using a simple fork, the parent, and all other children -- past, present, and future -- will *continue to use* the address space{, layout} that is common to them all. In the new situation, children do an exec immediately, before interacting with the peer. Hence, the addr space gets randomized, and it will not be like the parent's, or like that of any other children (given sufficient entropy). Hence, repeating the same attack will most likely fail. What is the part that I don't understand? > Don't change my words. Sorry, didn't mean to. It was a mere suggestion. > It is over your head. Or learn to read. Or learn to not reply before > you think. Criticism is welcome. Unwarranted preconceptions are not. (hmm, now what makes a preconception 'unwarranted'...?) --schaafuit.