Not to signal doom and gloom, but there is a problem or two. The main problem with implementing ASLR is that it really is an all-or-nothing venture. If you have even one shared library that still loads at a static address, you open yourself to compromise. Below are screenshots of the new QuickTime from a filesystem and a process point of view using LookingGlass. Although most of the files are now marked as ASLR-enabled, there are still a few binaries that are not, and these could still provide an attacker a static location to utilize.
Don’t let these few oversights detract from the huge stride forward Apple is making in keeping Vista users safer. It is good to see Apple embracing these security enhancements, and I encourage other vendors, like Adobe, to follow their lead. I also hope that Apple extends these improvements to the other products offered to Windows users.
QuickTime file system scan with LookingGlass.
QuickTime Process scan with LookingGlass.
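The check behind a scan like the ones above can be sketched as follows. This is an added example, not code from the original post or from LookingGlass: it reads the `DllCharacteristics` field of a PE header and lists the modules that do not set the `DYNAMICBASE` opt-in bit. The module names and the header-only images built by `make_pe` are constructed for the demo.

```python
import struct

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040  # set when linked with /DYNAMICBASE

def aslr_enabled(image: bytes) -> bool:
    """Return True if a PE image opts in to ASLR via DllCharacteristics."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)      # e_lfanew
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = pe_off + 4 + 20          # optional header follows the 20-byte COFF header
    if len(image) < opt + 0x48:
        raise ValueError("truncated optional header")
    (magic,) = struct.unpack_from("<H", image, opt)
    if magic not in (0x10B, 0x20B):                        # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    # DllCharacteristics is at offset 0x46 in both PE32 and PE32+ layouts.
    (flags,) = struct.unpack_from("<H", image, opt + 0x46)
    return bool(flags & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE)

def static_modules(modules: dict[str, bytes]) -> list[str]:
    """Names of modules that would still load at a fixed, predictable base."""
    return sorted(n for n, img in modules.items() if not aslr_enabled(img))

def make_pe(dll_characteristics: int, magic: int = 0x10B) -> bytes:
    """Constructed header-only PE image for the demo (not a loadable file)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<H", opt, 0x46, dll_characteristics)
    return dos + b"PE\0\0" + coff + bytes(opt)

# Constructed sample: hypothetical modules of one process.
SAMPLE = {
    "player.exe": make_pe(0x0140),          # DYNAMIC_BASE | NX_COMPAT
    "codec_a.dll": make_pe(0x0140, 0x20B),  # PE32+ layout, ASLR on
    "legacy_plugin.dll": make_pe(0x0100),   # NX_COMPAT only: static base
}

if __name__ == "__main__":
    # One entry here is enough to undo the benefit for the whole process.
    print("modules without ASLR:", static_modules(SAMPLE))
```

To audit real files, pass each file's bytes (the first few kilobytes are enough) to `aslr_enabled`.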
Hey, the only contact info on your home page is for sales, so I thought I'd post here. I've ported ferret to OS X if you guys want to add it to the distribution. Only changes were to pcaplive.c, main.cpp (to fix a warning) and a new Makefile of course. Write back if you're interested, and thanks for making the source available!
sure, email me at email@example.com and we will merge the changes into the next release!