

16-line KASLR defeat in Linux 3.14 - officialjunk
https://youtube.com/watch?v=S7BQ7qDz028

======
willvarfar
For me, this video doesn't really explain _anything_.

I know the terminology, and have actually read the blog post
[https://forums.grsecurity.net/viewtopic.php?f=7&t=3367](https://forums.grsecurity.net/viewtopic.php?f=7&t=3367)
that's behind it all, but ... the video doesn't impart any of this. It needs a
clear and concise voice-over to explain what it's doing and unhype it.

~~~
officialjunk
It appears he has gained knowledge of a range of memory addresses that he
shouldn't know, since they are supposed to be randomly allocated? That's as deep
as I "understand" it. Hopefully someone else here can go into more detail on
how each line is important and what can be done with the information
afterwards.

~~~
willvarfar
[https://lwn.net/Articles/569635/](https://lwn.net/Articles/569635/) explains
what KASLR is, and what exploits it tries to defeat.

Importantly, whereas ASLR is typically meant to decrease the success probability
of a remote exploit of a user-space app (typically your browser and the plugins
it runs), KASLR is defending the kernel against a determined malicious user who
has a known privilege escalation exploit.
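The thread stops at what KASLR is for; the practical counterpart for a defender is checking whether a host's KASLR is actually in force, since a single readable kernel address is enough to undo the randomization. The script below is an added example, not code from the video, the grsecurity post, or either commenter. It assumes standard Linux paths (/proc/cmdline, /proc/sys/kernel/kptr_restrict, /proc/kallsyms, /boot/config-$(uname -r) or /proc/config.gz) and the CONFIG_RANDOMIZE_BASE option that x86 KASLR uses from Linux 3.14 on; the sample inputs are constructed, not captured from a real machine.

```shell
#!/bin/sh
# Added example (not from the thread): a defender's check of a Linux host's
# KASLR posture. It looks at whether KASLR is built in and not disabled at boot,
# and at whether kernel symbol addresses are readable by the current user.
# The parsing helpers take text arguments so they can be run on constructed input.

# kaslr_config_enabled CONFIG_TEXT: succeeds when the kernel config has
# CONFIG_RANDOMIZE_BASE=y (the x86 KASLR option introduced in Linux 3.14).
kaslr_config_enabled() {
  printf '%s\n' "$1" | grep -q '^CONFIG_RANDOMIZE_BASE=y$'
}

# cmdline_disables_kaslr CMDLINE: succeeds when the boot command line carries
# the "nokaslr" parameter, which turns randomization off even if it is built in.
cmdline_disables_kaslr() {
  printf '%s\n' "$1" | grep -qE '(^|[[:space:]])nokaslr([[:space:]]|$)'
}

# kptr_restricted VALUE: succeeds when kernel.kptr_restrict is 1 or 2, i.e.
# %pK-formatted addresses are hidden (1: from unprivileged readers, 2: from all).
kptr_restricted() {
  case "$1" in
    1|2) return 0 ;;
    *)   return 1 ;;
  esac
}

# kallsyms_leaks KALLSYMS_TEXT: succeeds when any line of /proc/kallsyms-format
# text shows a non-zero address. With kptr_restrict in force an unprivileged
# reader sees only zeros, so a non-zero address means the layout is exposed.
kallsyms_leaks() {
  printf '%s\n' "$1" | awk '
    NF >= 3 { addr = $1; gsub(/0/, "", addr); if (addr != "") leak = 1 }
    END { exit (leak ? 0 : 1) }'
}

# Constructed sample inputs (not captured from a real host).
SAMPLE_CONFIG_ON='CONFIG_X86_64=y
CONFIG_RANDOMIZE_BASE=y'
SAMPLE_CONFIG_OFF='CONFIG_X86_64=y
# CONFIG_RANDOMIZE_BASE is not set'
SAMPLE_CMDLINE_DISABLED='BOOT_IMAGE=/vmlinuz-3.14.0 root=/dev/sda1 ro nokaslr quiet'
SAMPLE_CMDLINE_OK='BOOT_IMAGE=/vmlinuz-3.14.0 root=/dev/sda1 ro quiet'
SAMPLE_KALLSYMS_HIDDEN='0000000000000000 T startup_64
0000000000000000 T _text
0000000000000000 t run_init_process'
SAMPLE_KALLSYMS_LEAKY='ffffffff81000000 T startup_64
ffffffff81000000 T _text
ffffffff81044a70 t run_init_process'

# kaslr_report: reads the live host (standard Linux paths) and prints one line
# per check. Invoke with: sh kaslr_check.sh --live
kaslr_report() {
  rel=$(uname -r)
  if [ -r "/boot/config-$rel" ]; then
    cfg=$(cat "/boot/config-$rel")
  elif [ -r /proc/config.gz ]; then
    cfg=$(zcat /proc/config.gz)
  else
    cfg=''
  fi
  kaslr_config_enabled "$cfg" && echo "config:   CONFIG_RANDOMIZE_BASE=y" \
                              || echo "config:   KASLR not built in (or config unreadable)"
  cmdline=$(cat /proc/cmdline 2>/dev/null) || cmdline=''
  cmdline_disables_kaslr "$cmdline" && echo "cmdline:  nokaslr present, randomization disabled" \
                                    || echo "cmdline:  no nokaslr"
  kptr=$(cat /proc/sys/kernel/kptr_restrict 2>/dev/null) || kptr=''
  kptr_restricted "$kptr" && echo "kptr:     kptr_restrict=$kptr (addresses hidden)" \
                          || echo "kptr:     kptr_restrict=${kptr:-unset} (addresses may be exposed)"
  syms=$(head -n 200 /proc/kallsyms 2>/dev/null) || syms=''
  kallsyms_leaks "$syms" && echo "kallsyms: non-zero addresses visible to this user" \
                         || echo "kallsyms: addresses hidden from this user"
}

if [ "${1:-}" = "--live" ]; then
  kaslr_report
fi
```

The four helpers are deliberately pure text checks so the same logic can be pointed at a saved config or kallsyms dump from another machine; the kallsyms check is the one that matters most, since kptr_restrict only helps if it is set and the reader is unprivileged.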

