Full Disclosure

Re: #WorldPenguinDay or this cant be right, can it?

Posted by Tavis Ormandy on May 02

That wasn’t what I said.

Sure, If code with knowledge of an address is willing to act as an
oracle, then ASLR is not useful. This is really just an indirect (and
unlikely) way of leaking an address though.

Well, if you know in advance which address to leak you can arrange for
it to be a useless one, it would usually have to be MMAP_FIXED and be
sanitized (think KUSER_SHARED_DATA on Windows or the vsyscall page on
Linux) so as not to weaken…