[Dailydave] The sky's downward trajectory

Halvar Flake halvar at gmx.de
Tue Feb 20 07:28:23 EST 2007


As far as I can judge it, there is more than 8 bits of entropy.

I might be wrong with this, but there seem to be 8 bits of entropy
per DLL -- not 8 bits in total. This, together with DLL-remapping
on collision, should provide for more than 8 bits total entropy.

I might be wrong though.

Cheers,
Halvar
----- Original Message ----- 
From: "Jonathan Wilkins" <jwilkins at gmail.com>
To: "endrazine" <endrazine at gmail.com>
Cc: <dailydave at lists.immunitysec.com>
Sent: Monday, February 19, 2007 9:37 PM
Subject: Re: [Dailydave] The sky's downward trajectory


ASLR is also limited to 8 bits of entropy per (Microsoft employee)
Richard Johnson's talk at t00rcon.

On 2/19/07, endrazine <endrazine at gmail.com> wrote:
> Hi dear readers,
>
> Rhys Kidd wrote:
> >
> > So what does Microsoft provide to make this more secure?
> >
> > Firstly the push by Michael Howard et al to get ASLR implemented in
> > Vista beta 2 and above means the addresses within ntdll.dll are going
> > to be somewhat random, thereby making reliable use of this technique
> > difficult. NX bit based defenses really should be implemented
> > hand-in-hand with some form of memory randomisation, as was documented
> > by the PaX project.
> >
> Put me in my place if I'm wrong, but addresses are only randomized once
> at boot up, making the Vista randomization far less effective than a run
> time randomization a la PaX. Well, at least, that's what I understood
> from the Microsoft TechDays in Paris 2 weeks ago.
> > Secondly, as Dave mentioned setting "AlwaysOn" in boot.ini should
> > prevent DEP from being disabled on a per-process basis.
> >
> > HTH.
> > Rhys
> >
>
> Regards,
>
> endrazine-
> _______________________________________________
> Dailydave mailing list
> Dailydave at lists.immunitysec.com
> http://lists.immunitysec.com/mailman/listinfo/dailydave
>