by jcalvinowens
1249 days ago
The traditional antidote to ASLR is "known code reuse", tricks like ret2libc, ret2plt, etc. FG-ASLR helps because, even when you know where .text is, there are now N possible randomized locations for the piece of code your exploit leverages, so if you pick one and exploit M machines that way, only M/N of the exploits will succeed (where you got lucky). Ultimately it is obfuscation, but with enough entropy it is very effective. It can't mitigate or prevent an exploit, but it makes it more work to turn an exploit into code execution consistently enough for it to be useful.
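The M/N figure in the comment above can be checked with a small model. The C program below is an added illustration, not code from jcalvinowens's comment or from the kernel's FG-KASLR implementation: it treats .text as a list of functions whose order is shuffled at boot, assumes an attacker who has already leaked the .text base and hard-coded `target = base + offset` from a reference (link-order) build, and then walks every one of the N! orders the shuffle could pick to count how many of them leave the target function at that exact offset. The function sizes are constructed for the example, not taken from any real image. With equal-sized functions the hit rate is exactly 1/N; with mixed sizes it is lower still, because the target has to land at the same byte offset, not just the same slot.

```c
#include <stdio.h>
#include <stdint.h>
#include <stdlib.h>

/*
 * Toy model of FG-ASLR: .text is a sequence of functions whose ORDER is
 * shuffled at boot, on top of the base randomization plain KASLR already
 * does. An attacker who knows the base and hard-codes "base + offset" from
 * a reference build only wins if the shuffled order happens to put the
 * target at that same offset.
 *
 * Sizes below are constructed for illustration, not taken from a real build.
 */
#define NFUNCS 8

/* Every function 64 bytes: the symmetric case, hit rate exactly 1/N. */
static const unsigned equal_sizes[NFUNCS]   = { 64, 64, 64, 64, 64, 64, 64, 64 };
/* Mixed sizes, closer to a real image. */
static const unsigned unequal_sizes[NFUNCS] = { 64, 128, 96, 32, 256, 48, 80, 112 };

/* Offset of `target` in the reference (link-order) layout: the sum of the
 * sizes of everything linked before it. This is what the attacker reads
 * out of the reference build. */
static uint64_t ref_offset(const unsigned *sizes, int target)
{
    uint64_t off = 0;
    for (int i = 0; i < target; i++)
        off += sizes[i];
    return off;
}

/* Offset of function `idx` once the image is laid out in `order[]`. */
static uint64_t laid_out_offset(const unsigned *sizes, const int *order, int n, int idx)
{
    uint64_t off = 0;
    for (int i = 0; i < n; i++) {
        if (order[i] == idx)
            return off;
        off += sizes[order[i]];
    }
    abort(); /* idx missing from order[]: programming error */
}

struct walk {
    const unsigned *sizes;
    int n, target;
    uint64_t want;              /* the attacker's hard-coded offset */
    unsigned long total, hits;
};

/* Generate every permutation of order[pos..n-1] and score each one. */
static void walk_orders(struct walk *w, int *order, int pos)
{
    if (pos == w->n) {
        w->total++;
        if (laid_out_offset(w->sizes, order, w->n, w->target) == w->want)
            w->hits++;
        return;
    }
    for (int i = pos; i < w->n; i++) {
        int t = order[pos]; order[pos] = order[i]; order[i] = t;
        walk_orders(w, order, pos + 1);
        t = order[pos]; order[pos] = order[i]; order[i] = t;
    }
}

/* Count, over all n! function orders the shuffle could choose, how many
 * leave `target` at the offset computed from the reference layout.
 * Returns the hit count; if `total` is non-NULL it receives n!. */
static unsigned long fixed_offset_hits(const unsigned *sizes, int n, int target,
                                       unsigned long *total)
{
    int order[NFUNCS];
    if (n > NFUNCS)
        abort();
    for (int i = 0; i < n; i++)
        order[i] = i;
    struct walk w = { sizes, n, target, ref_offset(sizes, target), 0, 0 };
    walk_orders(&w, order, 0);
    if (total)
        *total = w.total;
    return w.hits;
}

int main(void)
{
    const int target = 2;   /* the function the ROP chain returns into */
    const unsigned *tables[2] = { equal_sizes, unequal_sizes };
    const char *label[2] = { "equal sizes", "unequal sizes" };

    for (int k = 0; k < 2; k++) {
        unsigned long total;
        unsigned long hits = fixed_offset_hits(tables[k], NFUNCS, target, &total);
        printf("%-14s offset 0x%llx: %lu of %lu boot orders land on target (%.2f%%)\n",
               label[k], (unsigned long long)ref_offset(tables[k], target),
               hits, total, 100.0 * hits / total);
    }
    return 0;
}
```

Multiply `hits/total` by the number of machines M to get the expected number of boxes the unmodified exploit lands on; the rest crash or do nothing, which is the noisy failure the comment alludes to. The model also shows why this stays obfuscation rather than a real mitigation: if the attacker's info leak gives the target function's own address instead of just the .text base, `want` equals the live offset on every boot and the hit rate goes back to 100%.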