Thanks for all.
On 10/31/06, Nick Guenther <[EMAIL PROTECTED]> wrote:
On 10/30/06, Joco Salvatti <[EMAIL PROTECTED]> wrote:
> Hi all,
>
> Reading Theo de Raadt's presentation about exploit mitigation
> techniques, I could not understand the advantages of using randomized
> malloc and randomized mmap techniques. I've searched on the Internet
> about this subject but I couldn't find a thing, maybe because this
> subject is too technical.
> I'm sorry for the lack of abilities to understand the presentation.
> Could anyone, please, give me an example or point me any website in
> which I could find informations in order to understand why randomized
> malloc and randomized mmap are more secure than the traditional ones?
>
> Thanks in advance for the time wasted reading this e-mail.
>
If memory locations are predictable and you can access program memory
arbitrarily (e.g. kernel mode or a bug in something) then you can
easily calculate where to find certain pieces of data. This is bad. It
lets you read private data or maybe even write it.
At least, I think that's about right, right?
-Nick
--
Joco Salvatti
Undergraduating in Computer Science
Federal University of Para - UFPA
web: http://www.openbsd-pa.org
e-mail: [EMAIL PROTECTED]
