Article 71747 Defeating KASLR by Doing Nothing at All (Project Zero)

by corbet from LWN.net on (#71747)
The Project Zero blog explains that, on 64-bit Arm systems, the kernel's direct map is always placed at the same virtual location, regardless of whether kernel address-space layout randomization (KASLR) is enabled.

While it remains true that KASLR should not be trusted to prevent exploitation, particularly in local contexts, it is regrettable that the attitude around Linux KASLR is so fatalistic that putting in the engineering effort to preserve its remaining integrity is not considered to be worthwhile. The joint effect of these two issues dramatically simplified what might otherwise have been a more complicated and likely less reliable exploit.