[Info-vax] Intel x86-64 Processor Design Security Vulnerability?
Simon Clubley
clubley at remove_me.eisner.decus.org-Earth.UFP
Thu Jan 4 13:35:18 EST 2018
On 2018-01-04, Bob Gezelter <gezelter at rlgsc.com> wrote:
>
> As Hoff has noted, breaking address space randomization is not presently an
> issue for OpenVMS, as OpenVMS does not yet (emphasis, YET) randomize
> addresses.
>
Unfortunately, there is absolutely no point in implementing ASLR in
VMS until after the VMS controlled structures in process space get
the major rework that they need.
Given the way that process space is currently set up, those structures
can be used to completely bypass any benefits from ASLR.
IOW, right now, those structures actively help an interactive attacker
who has found a vulnerability and wants to exploit it.
Simon.
--
Simon Clubley, clubley at remove_me.eisner.decus.org-Earth.UFP
Microsoft: Bringing you 1980s technology to a 21st century world
More information about the Info-vax
mailing list