Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 11 Dec 2014 11:15:44 +0530
From: Reno Robert <>
Subject: Re: PIE bypass using VDSO ASLR weakness

Given that ASLR is not effective in VDSO and comes down to 11 quality bits
as per pax test making return-to-vdso feasible even for PIE binary, whether
this should be considered as a bug and CVE be assigned?

On Wed, Dec 10, 2014 at 2:25 AM, Daniel Micay <> wrote:

> On 09/12/14 10:33 AM, Reno Robert wrote:
> > Hi Daniel, COMPAT_VDSO is not enabled. Just that randomization is 20 bits
> > and same values are generated on repeated execution.
> Ah, I was testing against PaX ASLR :). Sorry for the noise.

Reno Robert

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.