Hi there,
Apparently I'm not getting library address randomization for any programs (compiled or not as PIE). Whereas the binary itself, stack and heap are randomly getting their addresses changed from one execution to the next, the library stands still at a predictable location. Strangely enough, I've got the expected results out of Ubuntu 8.10. Here's one example:
[ricardo@localhost ~]$ cat /proc/sys/kernel/randomize_va_space
2
[ricardo@localhost ~]$ cat /proc/sys/kernel/exec-shield
1
[ricardo@localhost ~]$ echo 'int main(){}' > dummy.c
[ricardo@localhost ~]$ gcc -fpie -pie -o dummy dummy.c
[ricardo@localhost ~]$ ldd dummy
        linux-gate.so.1 =>  (0x00130000)
        libc.so.6 => /lib/libc.so.6 (0x00133000)
        /lib/ld-linux.so.2 (0x00110000)
[ricardo@localhost ~]$ ldd dummy
        linux-gate.so.1 =>  (0x00130000)
        libc.so.6 => /lib/libc.so.6 (0x00133000)
        /lib/ld-linux.so.2 (0x00110000)
Am I missing something? This is the third mailing list that I'm trying. Thanks a lot :)
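A way to automate the check Ricardo runs by hand above (repeat ldd, compare where each library lands), added here as an example that is not part of the thread. It parses ldd output, counts how many distinct base addresses each shared object gets across several runs, and names the libraries that never move. The ldd output embedded below is constructed from the session quoted in this post; the `/bin/true` default target and the minimum of three samples are my own choices.

```python
import re
import subprocess
import sys
from collections import defaultdict

# One line of ldd output, in any of the three shapes seen above:
#   libc.so.6 => /lib/libc.so.6 (0x00133000)
#   linux-gate.so.1 =>  (0x00130000)
#   /lib/ld-linux.so.2 (0x00110000)
_LDD_LINE = re.compile(r"^\s*(\S+)(?:\s*=>\s*(\S*))?\s*\((0x[0-9a-fA-F]+)\)\s*$")

# Constructed sample: the two identical ldd runs from the post, i.e. no library randomization.
SAMPLE_FIXED = """\tlinux-gate.so.1 =>  (0x00130000)
\tlibc.so.6 => /lib/libc.so.6 (0x00133000)
\t/lib/ld-linux.so.2 (0x00110000)
"""


def parse_ldd(text):
    """Return {object name: load address} for one run of ldd.

    Lines that carry no address ("statically linked", "not a dynamic executable")
    are ignored, so a static binary simply yields an empty dict."""
    bases = {}
    for line in text.splitlines():
        m = _LDD_LINE.match(line)
        if m:
            bases[m.group(1)] = int(m.group(3), 16)
    return bases


def summarize(runs):
    """Given per-run address dicts, return {object name: number of distinct base addresses}."""
    seen = defaultdict(set)
    for bases in runs:
        for name, addr in bases.items():
            seen[name].add(addr)
    return {name: len(addrs) for name, addrs in seen.items()}


def unrandomized(runs, min_runs=3):
    """Objects that were mapped at the same address in every run.

    Two identical runs can happen by chance with a small randomization window,
    so refuse to judge on fewer than min_runs samples."""
    if len(runs) < min_runs:
        raise ValueError(f"need at least {min_runs} runs, got {len(runs)}")
    return sorted(name for name, n in summarize(runs).items() if n == 1)


def sample_ldd(binary, count=10):
    """Run ldd `count` times.  ldd asks the dynamic linker to load the program
    and report where everything landed, so each run is a fresh address-space layout."""
    runs = []
    for _ in range(count):
        out = subprocess.run(["ldd", binary], capture_output=True, text=True, check=True).stdout
        runs.append(parse_ldd(out))
    return runs


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "/bin/true"  # assumed default target
    runs = sample_ldd(target)
    for name, n in sorted(summarize(runs).items()):
        print(f"{name}: {n} distinct base address(es) over {len(runs)} runs")
    fixed = unrandomized(runs)
    print("library randomization: " + (f"MISSING for {', '.join(fixed)}" if fixed else "OK"))
```

Run it as `python3 aslr_check.py ./dummy` (or with no argument for `/bin/true`). A healthy system reports several distinct addresses per object; the vDSO (`linux-gate.so.1`) may legitimately stay put on some kernels, which is why the script reports per object instead of a single verdict.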
On Mon, Jan 26, 2009 at 12:14:10AM -0300, Ricardo Rolim wrote:
Am I missing something? This is the third mailing list that I'm trying. Thanks a lot :)
Have you tried adding vdso=1 as a kernel boot parameter? See Documentation/kernel-parameters.txt in the kernel source for details.
On Mon, 26 Jan 2009, Ricardo Rolim wrote:
Apparently I'm not getting library address randomization for any programs (compiled or not as PIE). Whereas the binary itself, stack and heap are randomly getting their addresses changed from one execution to the next, the library stands still at a predictable location.
Is sysctl kernel.randomize_va_space set to 1? Are the libraries prelinked? Have you tried prelink -u?
On Mon, Jan 26, 2009 at 12:14:10AM -0300, Ricardo Rolim wrote:
Hi there,
Apparently I'm not getting library address randomization for any programs (compiled or not as PIE). Whereas the binary itself, stack and heap are randomly getting their addresses changed from one execution to the next, the library stands still at a predictable location. Strangely enough, I've got the expected results out of Ubuntu 8.10. Here's one example:
[ricardo@localhost ~]$ cat /proc/sys/kernel/randomize_va_space
2
[ricardo@localhost ~]$ cat /proc/sys/kernel/exec-shield
1
[ricardo@localhost ~]$ echo 'int main(){}' > dummy.c
[ricardo@localhost ~]$ gcc -fpie -pie -o dummy dummy.c
[ricardo@localhost ~]$ ldd dummy
        linux-gate.so.1 =>  (0x00130000)
        libc.so.6 => /lib/libc.so.6 (0x00133000)
        /lib/ld-linux.so.2 (0x00110000)
[ricardo@localhost ~]$ ldd dummy
        linux-gate.so.1 =>  (0x00130000)
        libc.so.6 => /lib/libc.so.6 (0x00133000)
        /lib/ld-linux.so.2 (0x00110000)
What kernel version are you running? Kyle fixed up some of this code last week.
Dave
Hey Dave (and Kyle),
thank you very much! The new kernel (2.6.27.12-170.2.5.fc10.i686) fixed that problem. PIEs are again getting their library addresses randomized no matter if these libraries are prelinked or not; and non-PIEs are getting these libraries randomized when they are not prelinked.
Best regards, Ricardo
security@lists.fedoraproject.org