Hello all,

As a newcomer to this list, I would like a recommendation on further reading about this specific topic. I am unable to understand it, where normally I have some comprehension of what is going on.

Thanks,
Charlie

On Tue, Nov 28, 2017 at 10:19 AM, <leo_...@volny.cz> wrote:
> theo wrote:
> > That interpretation is wrong.
>
> Could be, I'm no genius :)
>
> > You don't understand fork+exec.
>
> Wha?
>
> > There
> > is no decision to stop using an address space after failure. Instead,
> > address spaces are intentionally split ahead of time to ensure a
> > specific pointer value is only valid in one process image. Other
> > similar load-images have unique layouts with unique pointer values.
> > So when failure happens, there is no other context where crash-learned
> > information can be reapplied in a non-crashed process image with the
> > same mapping.
>
> Uhm, how do I put this...
>
> In the old model, if an attack causes a specific child to crash, and it
> has been created using a simple fork, the parent, and all other
> children -- past, present, and future -- will *continue to use* the
> address space{, layout} that is common to them all.
>
> In the new situation, children do an exec immediately, before
> interacting with the peer. Hence, the addr space gets randomized, and
> it will not be like the parent's, or like that of any other children
> (given sufficient entropy).
>
> Hence, repeating the same attack will most likely fail.
>
> What is the part that I don't understand?
>
> > Don't change my words.
>
> Sorry, didn't mean to. It was a mere suggestion.
>
> > It is over your head. Or learn to read. Or learn to not reply before
> > you think.
>
> Criticism is welcome. Unwarranted preconceptions are not.
>
> (hmm, now what makes a preconception 'unwarranted'...?)
>
> --schaafuit.
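The difference the quoted reply describes between a plain fork and fork+exec can be seen directly with a small program. The following is an added example, not code from the thread or from any OpenBSD daemon: the parent records the address of one of its own functions, then asks two kinds of child to report where that function lives. A fork-only child is a copy of the parent's image, so it always reports the same address; a child that re-executes the program (here by running itself with a constructed `--child` flag) gets a fresh image, which on a PIE binary under an OS that randomizes load addresses lands somewhere else. The function names `marker`, `child_marker_address` and `fork_only_shares_layout` and the `--child` flag are this example's own choices.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

/* Any function will do as a probe; its address is what the child reports. */
static void marker(void) { }

/* Spawn a child and return the address at which it sees marker(), or 0 on
 * error. With reexec == 0 the child answers from the forked copy of this
 * image; with reexec != 0 it exec()s `self` with "--child" so the answer
 * comes from a freshly loaded image (main() below handles that flag). */
static uintptr_t child_marker_address(const char *self, int reexec)
{
    int fd[2];
    if (pipe(fd) != 0) return 0;
    pid_t pid = fork();
    if (pid < 0) return 0;

    if (pid == 0) {
        close(fd[0]);
        if (reexec) {
            /* Route stdout into the pipe and replace the process image. */
            dup2(fd[1], STDOUT_FILENO);
            close(fd[1]);
            execl(self, self, "--child", (char *)NULL);
            _exit(127);            /* exec failed; parent will read nothing */
        }
        /* Fork-only child: same image, same layout as the parent. */
        uintptr_t a = (uintptr_t)&marker;
        if (write(fd[1], &a, sizeof a) != (ssize_t)sizeof a) _exit(1);
        _exit(0);
    }

    close(fd[1]);
    uintptr_t result = 0;
    if (reexec) {
        /* The exec'd child prints its address as hex text. */
        char buf[64] = {0};
        ssize_t n = read(fd[0], buf, sizeof buf - 1);
        if (n > 0) result = (uintptr_t)strtoull(buf, NULL, 16);
    } else if (read(fd[0], &result, sizeof result) != (ssize_t)sizeof result) {
        result = 0;
    }
    close(fd[0]);
    waitpid(pid, NULL, 0);
    return result;
}

/* 1 if a fork-only child sees marker() exactly where the parent does.
 * This is always the case: fork() duplicates the mapping, so an address
 * learned by crashing one such child is valid in all its siblings. */
int fork_only_shares_layout(void)
{
    return child_marker_address(NULL, 0) == (uintptr_t)&marker;
}

int main(int argc, char **argv)
{
    if (argc > 1 && strcmp(argv[1], "--child") == 0) {
        /* We are the re-exec'd child: report our own view of marker(). */
        printf("%llx\n", (unsigned long long)(uintptr_t)&marker);
        return 0;
    }
    printf("parent sees marker() at %#llx\n",
           (unsigned long long)(uintptr_t)&marker);
    printf("fork-only child shares layout: %d\n", fork_only_shares_layout());

    uintptr_t e = child_marker_address(argv[0], 1);
    printf("fork+exec child sees marker() at %#llx (%s)\n",
           (unsigned long long)e,
           e == (uintptr_t)&marker ? "same layout: binary not PIE or no ASLR"
                                   : "different layout");
    return 0;
}
```

Build it as a position-independent executable (for example `cc -fPIE -pie` on toolchains where that is not already the default) and run it from its own path; the fork-only line always reports a shared layout, while the fork+exec line differs on every run only if the OS randomizes where the new image is loaded. That is exactly why re-exec'ing a child before it talks to a peer makes a crash-learned pointer useless against the next child.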