Mill Computing forum, The Mill › Architecture › ASLR (security): reply
Thanks for that in-depth analysis Ivan, I hadn’t even thought about the dual instruction stream issue. I agree with everything you said; I would only add that even though the vtables are read-only, the vtable pointers within objects are not, so you can still use a buffer overflow to cause an object to switch types and thus get virtual methods running on unintended bytes. I don’t think that increases the risk that greatly based on your other points, but it’s one more attack vector to keep in mind.
Still, I am tempted to hunt for such an exploit when the Mill is made available, out of pure stubbornness 😉 There was a real Flash exploit a couple of years ago (I can’t find the link now) that relied on a byte stream being simultaneously valid x86 opcodes, ActionScript and shell.
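The vptr-swap the reply describes, as an added example that is not part of the original thread or of any Mill code. It hand-rolls in C the layout a C++ compiler emits (a `const` table of function pointers, plus a writable pointer to it in the object's first word) so that the vtables themselves stay read-only, exactly as in the discussion, while the pointer inside the object does not. The types `Note` and `Account`, the `Frame` layout and the attacker input are all constructed for the demo; the "overflow" is written as a byte copy over the whole frame so that it is well-defined C rather than real undefined behaviour. The guarded call site at the end models the kind of check a vtable-CFI scheme performs (Clang's `-fsanitize=cfi-vcall` is the real-world instance): the static type at the call site constrains which vptr values are acceptable, which is what a read-only vtable alone cannot give you.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hand-rolled model of a polymorphic object: a read-only table of function
 * pointers, and a writable pointer to it stored in the object's first word. */
struct Object;
struct VTable {
    int (*is_privileged)(const struct Object *self);
};
struct Object {
    const struct VTable *vt;     /* the vptr: lives in writable object memory */
    unsigned char payload[8];    /* meaning depends on the dynamic type */
};

/* Hypothetical type Note: payload is text; a note never carries privilege. */
static int note_is_privileged(const struct Object *self) {
    (void)self;
    return 0;
}
/* Hypothetical type Account: payload is { uint32_t uid; uint32_t is_admin; }. */
static int account_is_privileged(const struct Object *self) {
    uint32_t flag;
    memcpy(&flag, self->payload + 4, sizeof flag);
    return flag != 0;
}

/* The tables are const: read-only after load, as in the thread's premise. */
static const struct VTable note_vtable    = { note_is_privileged };
static const struct VTable account_vtable = { account_is_privileged };

/* Constructed layout: a Note sits right after a fixed-size input buffer. */
struct Frame {
    char buf[8];
    struct Object note;
};

/* Constructed attacker input: fills buf, then lands the address of
 * account_vtable exactly on note.vt. A real exploit would need that address
 * from an info leak or a static layout; here it is taken from the binary. */
static size_t build_input(unsigned char *out, size_t cap) {
    const struct VTable *forged = &account_vtable;
    size_t vt_off = offsetof(struct Frame, note) + offsetof(struct Object, vt);
    size_t len = vt_off + sizeof forged;
    if (len > cap) return 0;
    memset(out, 'A', vt_off);
    memcpy(out + vt_off, &forged, sizeof forged);
    return len;
}

/* Stand-in for an unchecked strcpy/memcpy into f->buf. The write is expressed
 * over the whole Frame as bytes so the demo stays well-defined C; the effect
 * on memory is the same as a real overflow of buf. */
static void copy_input_unchecked(struct Frame *f, const unsigned char *in, size_t n) {
    if (n > sizeof *f) n = sizeof *f;   /* keep the model itself in bounds */
    memcpy((unsigned char *)f, in, n);
}

/* Builds a Note and feeds it either honest (8-byte) or oversized input. */
static void setup(struct Frame *f, int overflow) {
    memset(f, 0, sizeof *f);
    f->note.vt = &note_vtable;
    memcpy(f->note.payload, "hi there", 8);   /* text bytes, no privilege meaning */

    unsigned char input[sizeof *f];
    size_t n = build_input(input, sizeof input);
    copy_input_unchecked(f, input, overflow ? n : sizeof f->buf);
}

/* Unguarded virtual call: dispatches through whatever vt currently holds.
 * After the overflow, Account's method reads the bytes "here" as is_admin. */
int run_demo(int overflow) {
    struct Frame f;
    setup(&f, overflow);
    return f.note.vt->is_privileged(&f.note);
}

/* Guarded call site in the spirit of vtable CFI: the caller knows the static
 * type is Note, so only Note's vtable is acceptable. Returns -1 on a forged vptr. */
int run_demo_checked(int overflow) {
    struct Frame f;
    setup(&f, overflow);
    if (f.note.vt != &note_vtable) return -1;
    return f.note.vt->is_privileged(&f.note);
}

int main(void) {
    printf("honest input, unguarded:   %d\n", run_demo(0));          /* 0 */
    printf("overflow,      unguarded:  %d\n", run_demo(1));          /* 1 */
    printf("overflow,      guarded:    %d\n", run_demo_checked(1));  /* -1 */
    return 0;
}
```

The overflow never touches the vtables and never needs writable code: it only repoints one word inside the object at a different, perfectly legitimate read-only table, which is enough for `Account`'s method to interpret the note's text bytes as an admin flag. The check at the guarded call site is what closes this, and it has to live at the dispatch site (or in the allocator/type system), not in the protection of the tables.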