On Mon, Apr 25, 2016 at 11:13 AM, Tinker <[email protected]> wrote:

> Conceptual nooby Q, what does this add beyond PIE & ASLR?

ASLR typically moves the whole library as a unit. So once you have found one address you can use that with a build-dependent offset to find other addresses. OpenBSD currently releases a new build every six months. PIE needs to know the build before it can work. ROP can be thought of as roughly analogous to PIE (except intentionally broken). Here, you approximately get a new libc build on every machine every time it boots up (assuming writable media).

--
Raul
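An added illustration, not part of the thread above: a toy Python model of the distinction Raul draws. The library, its symbol names and their sizes are constructed; "relink" only abstractly models re-linking libc from randomly ordered objects at each boot, so the measured rate shows how a build-dependent offset stops transferring between machines.

```python
import random

# Constructed toy libc: (symbol, size in bytes). Not a real layout.
LIBC_OBJECTS = [("strlen", 0x40), ("memcpy", 0x80), ("system", 0x60),
                ("printf", 0x200), ("malloc", 0x300)]


def layout(objects, base, rng=None):
    """Assign addresses to symbols in link order. With rng=None the order is
    fixed (a conventional release build); with an rng the object order is
    shuffled, modelling a libc re-linked from randomly ordered objects."""
    order = list(objects)
    if rng is not None:
        rng.shuffle(order)
    addrs, cur = {}, base
    for name, size in order:
        addrs[name] = cur
        cur += size
    return addrs


def boot(relink, rng):
    """One boot: a random page-aligned base (whole-library ASLR), and
    optionally a fresh random link order as well."""
    base = rng.randrange(0x1000, 0x7fff0000, 0x1000)
    return layout(LIBC_OBJECTS, base, rng if relink else None)


def predict(leaked_sym, target_sym, leaked_addr, reference):
    """Derive target's address from one leaked address plus the offset taken
    from a reference layout (the offsets of the shipped build)."""
    return leaked_addr + (reference[target_sym] - reference[leaked_sym])


def prediction_success_rate(relink, boots=200, seed=1):
    """Fraction of boots in which the build-dependent offset still holds."""
    rng = random.Random(seed)
    reference = layout(LIBC_OBJECTS, 0)  # the release build's own offsets
    hits = 0
    for _ in range(boots):
        live = boot(relink, rng)
        guess = predict("strlen", "system", live["strlen"], reference)
        hits += guess == live["system"]
    return hits / boots


if __name__ == "__main__":
    print("ASLR only        :", prediction_success_rate(relink=False))
    print("ASLR + relink    :", prediction_success_rate(relink=True))
```

With whole-library ASLR the offset holds on every boot; with per-boot re-linking it holds only when the shuffle happens to reproduce the reference order of the symbols involved.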