„64-bit Debian and 64-bit HardenedBSD had the two best implementations of ASLR, with 64-bit Debian having just slightly more entropy than 64-bit HardenedBSD.“ web.cs.ucdavis.edu/~peisert/resea
This Tweet was deleted by the Tweet author. Learn more
Conversation
Replying to
The original tweet presenting the results in a misleading and dishonest only looks bad for the person doing it, not the project they're trying to attack.
twitter.com/gonzopancho/st
The paper is also only looking at one part of the ASLR implementation rather than the whole picture.
This Tweet is unavailable.
2
1
3
So, aside from being a very incomplete look at ASLR, it also misses that it's only one of a set of mitigations against memory corruption attacks. Resorting to misrepresenting the results of a very obviously lacking paper to attack other projects is quite desperate and pathetic.
This Tweet was deleted by the Tweet author. Learn more
You quoted a statement out of context to mislead people. As I mentioned, the paper is also very lacking since it presents ASLR entropy as being the only thing of relevance to buffer overflow protection, and it also only looks at the entropy of one of several ASLR bases anyway.
1
Show replies