undefined | Better HN

0 pointsmonocasa8y ago0 comments

Sure, but those same speculative execution attacks also trivially defeat ASLR. And practically speaking, memory safety in formally proved software tends to be pretty bullet proof.

So, outside of memory unsafety, is there another threat profile where ASLR gains you something?

0 comments

gok8y ago

Sure, consider that the hashCode() of objects in Java are based on memory addresses, which means they’re predictable to an attacker without ASLR.

j / k navigate · click thread line to collapse

0 comments

gok8y ago

Sure, consider that the hashCode() of objects in Java are based on memory addresses, which means they’re predictable to an attacker without ASLR.

j / k navigate · click thread line to collapse