> On Jul 28, 2017, at 2:46 PM, petern <peter.nichvolo...@gmail.com> wrote:
>
> The attack vector is described well enough. A penetration search harness
> would work directly from predictable accesses to the published key
> constants as mapped into process address space. [Full ASLR decoding, see
> the paper, isn't needed for this.] These well-advertised accesses "light
> up" otherwise randomized program and stack layouts very well, since there is
> no access for any other purpose. CPU security might prevent directly
> forging pseudo-null pointers, but they are as observable as subtype pointers
> and leak more address space layout information.
You’re getting _closer_ to something a non-expert could understand, but you’re not there yet. Keep trying, please. It would help if you described what the attack requires, and what it would allow the attacker to do.

Reading between the lines, I think you’re assuming the attacker is already able to read the process’s address space. The rest of us here are saying that, in that case, as far as we’re concerned the attacker has already won. And I don’t understand how this pointer feature would help such an attacker get any further.

—Jens

_______________________________________________
sqlite-users mailing list
sqlite-users@mailinglists.sqlite.org
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users