Friday, July 8, 2011

Windows ASLR and the False Sense of Security

Lately, I have read a lot about exploits bypassing the ASLR protection. In particular, this post from scriptjunkie.us and this one from corelan.be.

I believe ASLR is a really good protection on systems where all the software makes use of it and there is no room for exceptions, but that is not the case on Windows. Since this feature is optional on this platform, it only takes one DLL with ASLR disabled being loaded into your program to bypass all the protections that were carefully planned.

We have seen these examples with Java, McAfee and Symantec, and I am sure we will find many more in the future, since Microsoft will be trapped supporting old software for a long time, if not forever. The only option I see is the operating system enforcing these protections at a low level.
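As an added example (not code from this post or from any vendor named in it), one way to find the modules this argument is about is to read each DLL's PE header and report whether it opts in to ASLR. The function names and the header-only sample image are constructed for illustration; the flag values are the standard PE header constants.

```python
import struct
import sys

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040  # set when linked with /DYNAMICBASE
IMAGE_FILE_RELOCS_STRIPPED = 0x0001             # no relocation data: image cannot be moved

def aslr_status(image: bytes) -> str:
    """Classify a PE image as 'aslr', 'no-aslr' or 'not-pe' from its headers."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        return "not-pe"
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)   # e_lfanew
    opt_off = pe_off + 24                               # signature (4) + COFF header (20)
    if len(image) < opt_off + 72 or image[pe_off:pe_off + 4] != b"PE\0\0":
        return "not-pe"
    (file_chars,) = struct.unpack_from("<H", image, pe_off + 22)
    (magic,) = struct.unpack_from("<H", image, opt_off)
    if magic not in (0x10B, 0x20B):                     # PE32 / PE32+
        return "not-pe"
    # DllCharacteristics sits at offset 70 of the optional header in both formats.
    (dll_chars,) = struct.unpack_from("<H", image, opt_off + 70)
    opted_in = bool(dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE)
    relocatable = not file_chars & IMAGE_FILE_RELOCS_STRIPPED
    return "aslr" if opted_in and relocatable else "no-aslr"

def build_sample(dll_chars: int, file_chars: int = 0x2102, magic: int = 0x10B) -> bytes:
    """Constructed header-only PE image for demonstration; not a loadable DLL."""
    img = bytearray(0x80 + 24 + 72)
    img[:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x80)
    img[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<H", img, 0x80 + 22, file_chars)
    struct.pack_into("<H", img, 0x80 + 24, magic)
    struct.pack_into("<H", img, 0x80 + 24 + 70, dll_chars)
    return bytes(img)

def audit(paths):
    """Return {path: status} for each module file, e.g. every DLL a product installs."""
    result = {}
    for path in paths:
        with open(path, "rb") as fh:
            result[path] = aslr_status(fh.read())
    return result

if __name__ == "__main__":
    for path, status in audit(sys.argv[1:]).items():
        print(f"{status:8} {path}")
```

Run it over the DLLs that ship with the software installed on a machine; every `no-aslr` line is a module that loads at a predictable address in any process that imports it.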
