ralphy wrote: I was curious as to the ASLR that pax uses. I read the documentation as well as a paper written by a few academia folks regarding the effectiveness of ASLR on x86.
if we're talking about the same paper then you probably want to read this thread as well:
http://lists.immunitysec.com/pipermail/dailydave/2004-October/001064.html.
My question is in regards to ASLR in general and brute force type attacks. Does PaX still delay fork()s from a Killed binary for a set number of seconds or was this taken out?
PaX never did anything to deter brute forcing, it's explicitly left as an exercise for patch integrators (because they know better how such a reaction mechanism fits in their system). in grsecurity we've had RES_CRASH for a few years now for this purpose.