Increasing the range of address-space layout randomization [LWN.net]

Increasing the range of address-space layout randomization

Posted Dec 17, 2015 19:57 UTC (Thu) by thestinger (guest, #91827)
In reply to: Increasing the range of address-space layout randomization by wodny
Parent article: Increasing the range of address-space layout randomization

The Zygote-based process spawning applies to the Java runtime (apps and the system_server), not native processes like mediaserver.

to post comments

Increasing the range of address-space layout randomization

Posted Dec 17, 2015 23:03 UTC (Thu) by wodny (subscriber, #73045) [Link]

Java runtime + all dynamically linked libraries NDK apps use. So even though you don't gain control over a privileged process like the mediaserver easily, you can still exploit libraries like stagefright (or libchromium_net.so from the Zygote document) to run (almost) arbitrary assembly and try to escalate privileges attacking the kernel or any other component you can interact with.