bug#68961: ASLR seems to be partially broken
From: Jonathan Brielmaier
Subject: bug#68961: ASLR seems to be partially broken
Date: Tue, 6 Feb 2024 23:57:53 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.15.0
Hi,
Today I found an interesting blog post about broken ASLR (Address Space
Layout Randomization) on Linux:
https://zolutal.github.io/aslrnt/
Curious whether this is also a problem on Guix System, I did a quick test.
```
$ cat aslr.py
from subprocess import check_output

# OR together the libc base address of 1000 freshly spawned processes;
# a bit that stays 0 in the result was never randomised.
result = 0x0
for _ in range(0, 1000):
    out = check_output("cat /proc/self/maps | grep libc | head -n1",
                       shell=True).decode()
    base_address = int(out.split('-')[0], 16)
    result |= base_address
print('libc: ' + hex(result))

# Same for the dynamic loader.
resultld = 0x0
for _ in range(0, 1000):
    out = check_output("cat /proc/self/maps | grep ld-linux | head -n1",
                       shell=True).decode()
    base_address = int(out.split('-')[0], 16)
    resultld |= base_address
print('ld-linux: ' + hex(resultld))
```
Running this on x86_64 systems of mine results, on two systems, in:
libc: 0x7ffffffa9000
ld-linux: 0x7ffffffff000
On the third system it prints:
libc: 0x7ffffffff000
ld-linux: 0x7ffffffff000
For 32-bit it looks even worse (not sure whether it's correct to test it like
this):
```
$ guix shell --system=i686-linux coreutils python -- python3 aslr.py
libc: 0xf7800000
ld-linux: 0xf7fff000
```
Not sure what we should do here. There seems to be a kernel patch
for Ubuntu available:
https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/noble/commit/?h=master-next&id=760c2b1fa1f5e95be1117bc7b80afb8441d4b002
~Jonathan
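The OR test above tells you which bits were never set, but a 1 bit in the result can be either a randomised bit or a bit that is set in every run (the high bits of the mmap base, for instance), so it does not directly say how many bits of entropy the mapping actually has. The script below is an added example, not part of the original report or of Guix; it parses /proc/self/maps without a shell pipeline, takes the AND as well as the OR of the sampled addresses, and reports which bits vary, which are fixed, and how many zero bits sit below the highest randomised one (the alignment the mapping was given). The SAMPLE_MAPS text is constructed for offline testing and the paths in it are placeholders; the live sampling assumes a Linux host and spawns `cat /proc/self/maps` exactly as the original script does.

```python
import re
import subprocess

# Constructed /proc/self/maps excerpt (not captured from a real system) so the
# parser and the bit analysis can be exercised offline. Paths are placeholders.
SAMPLE_MAPS = """\
7ffff7d8a000-7ffff7db0000 r--p 00000000 08:01 1234    /lib/x86_64-linux-gnu/libc.so.6
7ffff7db0000-7ffff7f14000 r-xp 00026000 08:01 1234    /lib/x86_64-linux-gnu/libc.so.6
7ffff7fc3000-7ffff7fc5000 r--p 00000000 08:01 5678    /lib64/ld-linux-x86-64.so.2
7ffffffde000-7ffffffff000 rw-p 00000000 00:00 0       [stack]
"""

# Fields of a maps line: start-end perms offset dev inode [pathname]
MAPS_LINE = re.compile(r"^([0-9a-f]+)-([0-9a-f]+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s*(.*)$")


def first_mapping_base(maps_text: str, needle: str) -> int:
    """Start address of the first mapping whose pathname contains `needle`.

    Same selection as `grep <needle> | head -n1` in the original script,
    but done on the parsed fields instead of a shell pipeline.
    """
    for line in maps_text.splitlines():
        m = MAPS_LINE.match(line)
        if m and needle in m.group(7):
            return int(m.group(1), 16)
    raise ValueError(f"no mapping matching {needle!r}")


def collect_bases(needle: str, runs: int = 1000,
                  command=("cat", "/proc/self/maps")) -> list:
    """Spawn `command` `runs` times and record where `needle` landed in each child.

    Every execve() of a dynamically linked binary gets a fresh layout, so each
    sample is an independent draw from the kernel's ASLR. Linux only.
    """
    samples = []
    for _ in range(runs):
        text = subprocess.check_output(list(command)).decode()
        samples.append(first_mapping_base(text, needle))
    return samples


def bit_summary(samples) -> dict:
    """Classify address bits as always-0, always-1 or varying across samples.

    varying = OR & ~AND: a bit that is set in some samples and clear in others.
    With ~1000 samples a truly random bit is missed only with probability 2**-999,
    so popcount(varying) is a sound estimate of the entropy the mapping got.
    """
    or_all, and_all = 0, -1  # -1 has every bit set in Python's big ints
    for s in samples:
        or_all |= s
        and_all &= s
    varying = or_all & ~and_all
    top = varying.bit_length()          # index just above the highest varying bit
    below_top = (1 << top) - 1          # mask of all bits under that one
    return {
        "or": or_all,
        "and": and_all,
        "varying": varying,
        "entropy_bits": bin(varying).count("1"),
        # Bits under the highest randomised bit that were 0 in every sample.
        # The low 12 are page alignment; anything above that is extra alignment
        # the kernel or loader imposed on this mapping and is lost entropy.
        "fixed_zero_below_top": below_top & ~or_all,
    }


def bit_pattern(samples, width: int = 48) -> str:
    """Render each address bit, MSB first, as 0, 1 or x (varies across samples)."""
    s = bit_summary(samples)
    out = []
    for i in range(width - 1, -1, -1):
        bit = 1 << i
        if s["varying"] & bit:
            out.append("x")
        elif s["or"] & bit:
            out.append("1")
        else:
            out.append("0")
    return "".join(out)


if __name__ == "__main__":
    for name in ("libc", "ld-linux"):
        samples = collect_bases(name)
        s = bit_summary(samples)
        print(f"{name}: {s['entropy_bits']} randomised bits, "
              f"{s['fixed_zero_below_top'].bit_length()} fixed-zero bits below the top one")
        print(f"  {bit_pattern(samples)}")
```

Reading the pattern is more useful than the single OR value: a run of `x` is the randomised range, and any `0` columns between or below those `x` columns are alignment that ASLR did not get to use. Run it once on the 64-bit host and once under `guix shell --system=i686-linux` with `width=32` to compare the two layouts.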