All that effort, so little protection (Score:0)
If you can read the address space you can defeat ASLR. So it makes life a little more difficult, but once you've solved it you've solved it.
More 'tick in the box' security which doesn't actually provide anything useful.
Re: (Score:1)
Even if that's true there are a lot of exploits out there that can't deliver more than a few bytes of machine code. You can't exploit stuff with less than say 100 bytes of code if you don't even have the offsets for functions that you need to call. You can with less than 30 bytes if you do (e.g., socket, fork, some I/O).
It's not just a tick in the box.
Re: (Score:3)
If you can read the address space you can defeat ASLR
Ohh, you mean segfault when you read unallocated memory? Even if you could, are you planning to read all 8,589,934,592 GiB of the address space? With O(n) scaling, assuming a crazy low 1 clock cycle per address, it would take you about 35 years to scan the entire 2^63 user virtual address space at 4 GHz.
I am not saying ASLR is perfect, I'm just saying it's not nearly as simple as you make it out to be.
Re: (Score:2)