
List:       gentoo-hardened
Subject:    Re: [gentoo-hardened] Question about ASLR
From:       François <aifsair () gmail ! com>
Date:       2015-08-30 19:54:50
Message-ID: CAAn988Zdj8Cjt0N+EU9XykrPMJ1LvGwgEn5P_BMRO3kUiyx7rw () mail ! gmail ! com

Thanks for your answer (sorry to respond so late). It actually makes
sense; I thought there was some *magic* possible.
This proves once again how fragile security can be (I'm thinking about
compiled distributions, where the kernel can be hardened but the
compilation process must also be taken care of).

Thanks again
--
François


On 27 August 2015 at 19:42, Sven Vermeulen <swift@gentoo.org> wrote:
> On Thu, Aug 27, 2015 at 03:02:59PM +0200, François wrote:
>> this is my first message here, I hope I'm not off-topic!
>>
>> I've been reading [1], and tried on my gentoo system:
>>
>> fser@regal /tmp$ ./aslr-test-without
>> main @ 0x4005da
>> doit @ 0x40059b
>> fser@regal /tmp$ ./aslr-test-without
>> main @ 0x4005da
>> doit @ 0x40059b
>> fser@regal /tmp$ ./aslr-test-without
>> main @ 0x4005da
>> doit @ 0x40059b
>>
>>
>> and
>>
>> fser@regal /tmp$ ./aslr-test-withpie
>> main @ 0x468f410820
>> doit @ 0x468f4107e1
>> fser@regal /tmp$ ./aslr-test-withpie
>> main @ 0x6d8a0f9820
>> doit @ 0x6d8a0f97e1
>> fser@regal /tmp$ ./aslr-test-withpie
>> main @ 0x33eb5d8820
>> doit @ 0x33eb5d87e1
>> fser@regal /tmp$ ./aslr-test-withpie
>> main @ 0x769c4a5820
>> doit @ 0x769c4a57e1
>>
>> I was under the impression that ASLR was enforced by the kernel, when
>> creating a new context for a process.
>> Reading the description of [1], I was expecting the address of main (at
>> least) to be different.
>>
>> Can someone explain this behavior to me?
>
> ASLR only works properly with binaries that use Position Independent Code. That
> means that the generated machine code does not hardcode any (virtual)
> addresses, but instead uses relative addressing. Some information about this is
> at
> https://wiki.gentoo.org/wiki/Hardened/Introduction_to_Position_Independent_Code
> but the page can benefit from some clean-ups and editing.
>
> With ASLR, applications are given a random base address. With non-PIC
> applications, this doesn't matter as the base address is hardly used. The
> code has hardcoded locations anyway, so the (randomized) base address is
> ignored.
>
> Wkr,
>         Sven Vermeulen
>
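
As an added example (not the test program from [1] and not code posted by anyone in this thread), the C program below reproduces the experiment discussed above and adds the check a practitioner would want next: it prints addresses from the code, stack, heap and libc regions so the effect of ASLR can be compared run to run, and it reads the ELF header of the running executable to report whether the binary was linked as a fixed-address executable (ET_EXEC) or as a PIE (ET_DYN). The sample ELF headers embedded in the file are constructed for illustration, the gcc flags in the header comment assume a GCC or Clang toolchain, and the /proc/self/exe path assumes Linux.

```c
/*
 * Added example, not code from the thread or from reference [1].
 * Prints addresses from several regions so the effect of ASLR can be seen
 * run to run, and inspects the ELF header of the running executable to tell
 * a fixed-address build (ET_EXEC) from a PIE build (ET_DYN).
 *
 * Build both variants (flags assumed to be a GCC/Clang toolchain) and run
 * each a few times:
 *   gcc -O0 -fno-pie -no-pie -o aslr-demo-nopie aslr-demo.c
 *   gcc -O0 -fPIE -pie      -o aslr-demo-pie   aslr-demo.c
 */
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* ELF header constants, spelled out here so the file does not need <elf.h>.
 * The values are those of the ELF specification (and of elf.h). */
#define ELF_EI_NIDENT   16   /* size of e_ident[] */
#define ELF_EI_DATA     5    /* index of the byte-order byte in e_ident[] */
#define ELF_DATA_LSB    1    /* little-endian file */
#define ELF_DATA_MSB    2    /* big-endian file */
#define ELF_ET_EXEC     2    /* fixed-address executable: ASLR cannot move its code */
#define ELF_ET_DYN      3    /* shared object or PIE: loaded at a randomised base */

/* Constructed sample headers (first 18 bytes only), not taken from real files:
 * magic, 64-bit class, byte order, ELF version 1, padding, then e_type. */
const unsigned char SAMPLE_EXEC_HDR_LE[18] = {
    0x7f, 'E', 'L', 'F', 2, ELF_DATA_LSB, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, ELF_ET_EXEC, 0 };
const unsigned char SAMPLE_DYN_HDR_LE[18] = {
    0x7f, 'E', 'L', 'F', 2, ELF_DATA_LSB, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, ELF_ET_DYN, 0 };
const unsigned char SAMPLE_DYN_HDR_BE[18] = {
    0x7f, 'E', 'L', 'F', 2, ELF_DATA_MSB, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, ELF_ET_DYN };

/* Decode e_type from the first bytes of an ELF file.
 * Returns the e_type value, or -1 if buf is too short or is not an ELF header. */
int elf_type_from_header(const unsigned char *buf, size_t len)
{
    if (len < ELF_EI_NIDENT + 2 || memcmp(buf, "\177ELF", 4) != 0)
        return -1;
    /* e_type is the 16-bit field right after e_ident, in the file's own byte order. */
    const unsigned char *p = buf + ELF_EI_NIDENT;
    switch (buf[ELF_EI_DATA]) {
    case ELF_DATA_LSB: return p[0] | (p[1] << 8);
    case ELF_DATA_MSB: return (p[0] << 8) | p[1];
    default:           return -1;
    }
}

/* 1 if path is an ET_DYN object (a PIE, or a shared library), 0 if ET_EXEC,
 * -1 if the file cannot be read or is neither. */
int elf_is_pie(const char *path)
{
    unsigned char hdr[ELF_EI_NIDENT + 2];
    FILE *f = fopen(path, "rb");
    if (f == NULL)
        return -1;
    size_t n = fread(hdr, 1, sizeof hdr, f);
    fclose(f);
    int t = elf_type_from_header(hdr, n);
    if (t == ELF_ET_DYN)  return 1;
    if (t == ELF_ET_EXEC) return 0;
    return -1;
}

static void doit(void)
{
    /* Exists only so its address can be printed, like the thread's test program. */
}

int main(void)
{
    int stack_var = 0;
    void *heap = malloc(16);

    /* /proc/self/exe is Linux-specific; elsewhere this reports "unknown". */
    int pie = elf_is_pie("/proc/self/exe");
    printf("executable: %s\n", pie == 1 ? "PIE (ET_DYN)" :
                               pie == 0 ? "fixed address (ET_EXEC)" : "unknown");

    /* Code addresses change between runs only for the PIE build; stack, heap
     * and libc change in both builds when the kernel randomises those regions. */
    printf("main  @ %#" PRIxPTR "\n", (uintptr_t)main);
    printf("doit  @ %#" PRIxPTR "\n", (uintptr_t)doit);
    printf("stack @ %#" PRIxPTR "\n", (uintptr_t)&stack_var);
    printf("heap  @ %#" PRIxPTR "\n", (uintptr_t)heap);
    printf("libc  @ %#" PRIxPTR " (printf)\n", (uintptr_t)printf);

    free(heap);
    return 0;
}
```

Two things to check while running it. First, /proc/sys/kernel/randomize_va_space must be 2 for full randomisation (1 leaves the brk heap at a fixed offset, 0 disables ASLR entirely), otherwise even the PIE build will print stable addresses. Second, many current toolchains, Gentoo hardened included, default to PIE, so the fixed-address build only appears when -no-pie is passed explicitly; "readelf -h binary | grep Type" (EXEC versus DYN) cross-checks what the program reports about itself. The e_type check cannot tell a PIE from a shared library, which is why tools such as checksec look at further header fields; for a file you built yourself that ambiguity does not arise.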
