PIN <[email protected]> wrote: > address space layout of a linux process.
It sounds like you're asking "If I can learn an address, have I defeated ASLR", and the answer is usually yes. It depends on the circumstances of course, but leaking any address to an attacker would usually be considered a bug and renders ASLR essentially useless. For example, if you can find some JavaScript that tells you the address of an object on the heap or the base address of a module, that would be considered a security bug. You don't usually run untrusted python, so python's id() isn't a bug - but you do run untrusted JavaScript. Tavis. _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
