and, this is pwning nothing :)
On 26 October 2011 10:29, <[email protected]> wrote: > On Wed, 26 Oct 2011 09:56:24 +1100, xD 0x41 said: > > > You can make it bypass Aslr ? > > Nope. It can't, because ASLR doesn't enter into the picture. But then, *who > cares*? Are you going to make it make it through a passport check too? > Because > that's as relevant to this exploit as ASLR is. > > > It still must bypass atleast ASLR on vanilla to be called a real poc,and > be > > No. It has to pwn the target. If it does so without bothering to do > anything that > requires ASLR bypass doesn't matter. > > Or are you also going to insist that anybody breaking into your house has > to do > so by picking the big shiny lock on the front door that says ASLR, and > they're > not allowed to use a window, or an air conditioning vent, or a skylight, or > that old coal chute leading into the basement, or mail you a package that > opens > itself inside the house to reveal a robot that opens the front door from > the > inside, or social engineering you to demonstrate the awesomeness of the > lock, > and sneaking in while the door is open, or.... > > tl;dr: "Bypass ASLR" isn't the metric for an exploit. pwnage is. > > >
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
