MrX86, the language doesn't matter much here. What matters is "virtual memory": the address space your program sees is entirely virtual and "mapped" to physical addresses by the operating system (which also means you have to request memory you want to use from the OS first).
When the stack is placed at a random address, of course the OS sets the stack pointer accordingly on context switch. As long as your code doesn't do weird stuff (like, loading the stack pointer with fixed values assuming a fixed layout), it will work.
ASLR is not posing any obstacle with that. You are controlling the code, you have many ways to determine your stack address if needed (as simple as using the %sp value).
I like to write in asm
The first mainstream OS that supported ASLR (Address space layout randomization - Wikipedia) by default was OpenBSD in 2003: ASLR - OpenBSD
The CPU must calculate this without performance loss?
[...]
Overall, our findings and experiments supported our initial hypothesis that ASLR adds significant security with very
minimal performance impact. The addition of ASLR helps slow down attackers at a minimal cost, and thus, it is
definitely a feature that should be implemented in a secure operating system. FreeBSD’s main branch currently
does not have any support for ASLR. We believe that FreeBSD would gain a considerable amount of security by
adding ASLR support.
Actually, I don't want to cater for buffer overflows, format-string attacks etc. on my computers. Neither do I want to afford crashing processes. I'd rather suggest these should be fixed.
To spoil exploitability of "typical" bugs like buffer overflows, format-string attacks, etc. They will still happen and crash processes, but to actively exploit them (e.g. to escalate privileges), you typically need to know where to overwrite stuff, ASLR avoids that.
I ask myself what the required ingredients might be to be able to write such lyrics?
..., that does not seem to comply with either of two software quality levels.(*)
(*)
interplanetary: you trust your life on it
interstellar: you trust your grandchildren's life on it
(because that's what it all was about originally)
I think I get it: there is nothing going to be fixed because it is not even known what should be fixed. Nevertheless, security by obscurity is needed as a "line of defence". Now, defence implies war, and, once upon a time we were hippies and we had figured that there is no point in making war.
PMc, a mitigation avoids successful exploits of yet unknown flaws. To fix errors, they must be known first. This is no "either or", you do both of course. Repeating myself: Also keep in mind that multiple "lines of defense" are good practice in (computer) security.
Sure you can have a different opinion than most of the industry including security researchers. It just probably won't convince too many people...
Not just stack entropy but shared library entropy. Shared libraries could be placed anywhere in the virtual address space when ASLR is enabled. Otherwise binaries are always loaded at the same virtual address.
Without reading it, I can tell you one thing: Without ASLR, there is exactly NO "stack entropy", as it has a fixed place in virtual address space.
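The claim in the posts above (with ASLR the stack and shared libraries land at different virtual addresses on every run, without it they stay fixed) can be checked by diffing the memory maps of two runs of the same binary. This is an added example, not part of the thread; it assumes Linux-style `/proc/<pid>/maps` text, and the sample maps and paths are constructed.

```python
import re

# Constructed samples in Linux /proc/<pid>/maps format (not taken from the thread).
RUN_A = """\
5581a3c00000-5581a3c02000 r-xp 00000000 08:01 1311 /usr/bin/demo
7f3b1c200000-7f3b1c3c0000 r-xp 00000000 08:01 2201 /lib/libc.so.6
7ffd4a1e0000-7ffd4a201000 rw-p 00000000 00:00 0 [stack]
"""
RUN_B = """\
55d09e400000-55d09e402000 r-xp 00000000 08:01 1311 /usr/bin/demo
7f91e8600000-7f91e87c0000 r-xp 00000000 08:01 2201 /lib/libc.so.6
7ffc93b5f000-7ffc93b80000 rw-p 00000000 00:00 0 [stack]
"""

# start-end perms offset dev inode [name]
MAP_LINE = re.compile(r"^([0-9a-f]+)-([0-9a-f]+)\s+\S+\s+\S+\s+\S+\s+\d+\s*(.*)$")

def region_bases(maps_text):
    """Return {region name: lowest start address} for one process map."""
    bases = {}
    for line in maps_text.splitlines():
        m = MAP_LINE.match(line.strip())
        if not m:
            continue
        name = m.group(3) or "[anon]"
        start = int(m.group(1), 16)
        bases[name] = min(start, bases.get(name, start))
    return bases

def compare_runs(maps_a, maps_b):
    """For every region present in both runs, report whether its base moved
    and the lowest address bit that changed (None if the base is identical)."""
    a, b = region_bases(maps_a), region_bases(maps_b)
    report = {}
    for name in sorted(a.keys() & b.keys()):
        diff = a[name] ^ b[name]
        lowest = (diff & -diff).bit_length() - 1 if diff else None
        report[name] = {"moved": diff != 0, "lowest_changed_bit": lowest}
    return report

if __name__ == "__main__":
    for name, info in compare_runs(RUN_A, RUN_B).items():
        print(f"{name:18} moved={info['moved']} lowest_changed_bit={info['lowest_changed_bit']}")
```

The lowest changed bit never drops below 12 in these samples because mappings are page-aligned, so only the bits above the page offset can be randomized.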
Yeah. Somebody killed JFK. Otherwise we would have a Mars colony for twenty years already. But some people were wise enough to understand that waging war in all corners of this planet brings in a lot more money.
I ask myself what the required ingredients might be to be able to write such lyrics?
Does that esoteric have some name?
To come along with this where the talk is about ASLR, it must be induced by some ingredients that may have been consumed in overdose.
Yeah. Somebody killed JFK. Otherwise we would have a Mars colony for twenty years already.
It would be great if he stopped spamming even in complete sentences. We shouldn't wake up that guy and feed him.
And maybe the OP can write complete sentences? To make reading easier? That would be great.
I don't understand a word you say
Actually, I don't want to cater for buffer overflows, format-string attacks etc. on my computers. Neither do I want to afford crashing processes. I'd rather suggest these should be fixed.
In any case, converting the memory layout into proper white noise so nobody gets a clue on how things might actually interplay, since the end user does not have a "need to know" anyway, and meanwhile still having crashing processes, that does not seem to comply with either of two software quality levels.(*)
(*)
interplanetary: you trust your life on it
interstellar: you trust your grandchildren's life on it
(because that's what it all was about originally)
Why this provocative behavior? What do you expect to gain from this? Do you really want to get the ban hammer?