[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
- Subject: Re: Real-World Impact of Hash DoS in Lua
- From: Sean Conner <sean@...>
- Date: Thu, 26 Jan 2012 15:30:19 -0500
It was thus said that the Great Florian Weimer once stated:
> * Sean Conner:
>
> > I just tested Linux 2.6.9 and 2.6.35, and yes, both will randomize the
> > base stack address, but not necessarily library function addresses:
>
> Oh, I think those are PLT addresses, then.
> dlsym(RTLD_DEFAULT, "srand") returns a randomized
> address, but the PLT address is constant (unless you
> compile with -fPIE or as a dynamic shared object).
Yes and no. Linux 64 bit, the address changes, but only if you don't
reference srand() before pulling it from dlsym(). On 32 bit Linux, and
SPARC (64 bit, but I assume the same behavior with 32 bit as well) the
address never changes.
-spc (And even when it does change on 64-bit Linux, the upper 16 bits and
lower 12 never change ... )
- References:
- Re: Real-World Impact of Hash DoS in Lua, John Graham-Cumming
- Re: Real-World Impact of Hash DoS in Lua, Roberto Ierusalimschy
- Re: Real-World Impact of Hash DoS in Lua, John Graham-Cumming
- Re: Real-World Impact of Hash DoS in Lua, Roberto Ierusalimschy
- Re: Real-World Impact of Hash DoS in Lua, Florian Weimer
- Re: Real-World Impact of Hash DoS in Lua, Rob Kendrick
- Re: Real-World Impact of Hash DoS in Lua, Sean Conner
- Re: Real-World Impact of Hash DoS in Lua, Paul Hudson
- Re: Real-World Impact of Hash DoS in Lua, Sean Conner
- Re: Real-World Impact of Hash DoS in Lua, Florian Weimer