kernel.randomize_va_space....
This is actually a quite a cool feature that I recently ran across on my Linux box at home. It is an Ubuntu 6.10 and I tried to run some old shellcode. For the life of me I didn't get it to work. In this was examples with specially crafted vulnerable software just to demonstrate. So I forgot about for a week or so, and one day last week I started to hunt down what was wrong. I found it... all never 2.6 linux kernels have the nasty habit of randomizing the address space of new processes. Why would you want to do that may you ask...
Because classic shellcode exploits rely on a known address space to execute its malicious payload. When you randomize your address space on the new processes means that your computer becomes more secure against some exploits.
Notice the some because it is not a panacea. It is not going to fix all your vulnerabilities. Also it is possible to turn it off if you by some odd chance experience problems. "sysctl -w kernel.randomize_va_space=0". And I suspect that there is going to be a number of System administrators out there just turn it of "because it could pose a problem", if they knew about it.
Because classic shellcode exploits rely on a known address space to execute its malicious payload. When you randomize your address space on the new processes means that your computer becomes more secure against some exploits.
Notice the some because it is not a panacea. It is not going to fix all your vulnerabilities. Also it is possible to turn it off if you by some odd chance experience problems. "sysctl -w kernel.randomize_va_space=0". And I suspect that there is going to be a number of System administrators out there just turn it of "because it could pose a problem", if they knew about it.
0 Comments:
Post a Comment
<< Home