[RFC PATCH 0/3] Improved ASLR
Topi Miettinen
toiwoton@gmail.com
Mon Nov 23 18:16:34 GMT 2020
On 23.11.2020 18.44, Florian Weimer wrote:
> * Topi Miettinen via Libc-alpha:
>
>> Problem with using sbrk() for allocations is that the location of the
>> memory is relatively predictable since it's always located next to
>> data segment. This series makes malloc() and TCB use mmap() instead.
>
> Doesn't switching to mmap trade one (relatively) fixed offset for
> another? I think anonymous mmap is not randomized independently from
> the file mappings used for loading DSOs.
The mappings are indeed rather predictable relative to each other, even
with /proc/sys/kernel/randomize_va_space=2. The base address is somewhat
randomized. I've sent a patch to fully randomize the mappings:
https://patchwork.kernel.org/project/linux-mm/patch/20201026160518.9212-1-toiwoton@gmail.com/
Glibc could do similar randomization by itself, by calling mmap() with
an address hint generated from a random number from getrandom(), but I
think hardening the kernel is the better choice.
> And the series only changes the TCB allocation for the main thread.
> Fixing thread TCB/stack collocation is a completely different matter
> (and probably the more significant issue than lack of ASLR).
I thought I covered all uses of sbrk(), perhaps I missed that one. Does
the thread TCB/stack allocation use sbrk()?
-Topi
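The user-space alternative Topi mentions, an anonymous mmap() placed at a random address hint drawn from getrandom(), as an added example for readers of this archive. It is not code from the patch series, from glibc, or from any participant in the thread. The function name mmap_random_hint, the hint range [2^32, 2^32 + 2^38) and the /dev/urandom fallback for non-Linux builds are assumptions made for the example. The point it makes concrete is the caveat in the discussion: without MAP_FIXED the hint is only a hint, so the caller has to check whether the kernel actually honored it rather than assume the mapping gained any entropy.

```c
/* Added example (not from the thread, the patch series, or glibc):
 * anonymous mmap() at a random page-aligned address hint. */
#define _GNU_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/mman.h>
#ifdef __linux__
#include <sys/random.h>
#else
#include <fcntl.h>
#endif

/* Fill buf with kernel randomness: getrandom(2) on Linux, /dev/urandom
 * elsewhere (assumption: /dev/urandom exists on the non-Linux target). */
static int fill_random(void *buf, size_t len)
{
    size_t got = 0;
#ifdef __linux__
    while (got < len) {
        ssize_t n = getrandom((char *)buf + got, len - got, 0);
        if (n < 0) return -1;
        got += (size_t)n;
    }
    return 0;
#else
    int fd = open("/dev/urandom", O_RDONLY);
    if (fd < 0) return -1;
    while (got < len) {
        ssize_t n = read(fd, (char *)buf + got, len - got);
        if (n <= 0) { close(fd); return -1; }
        got += (size_t)n;
    }
    close(fd);
    return 0;
#endif
}

/* Hint range [HINT_BASE, HINT_BASE + HINT_SPAN). Assumption: this lies
 * inside user space on the targets of interest (true for 39-bit and larger
 * VA layouts); a hint outside user space is simply ignored by the kernel. */
#define HINT_BASE ((uintptr_t)1 << 32)
#define HINT_SPAN ((uintptr_t)1 << 38)

/* Map len bytes of anonymous memory at a randomly chosen page-aligned hint.
 * Deliberately no MAP_FIXED: if the hint collides with an existing mapping
 * or is invalid, the kernel silently picks another address, so the caller
 * must inspect *hint_honored instead of assuming the placement is random. */
void *mmap_random_hint(size_t len, int *hint_honored)
{
    uintptr_t r;
    if (fill_random(&r, sizeof r) != 0)
        return MAP_FAILED;
    uintptr_t page = (uintptr_t)sysconf(_SC_PAGESIZE);
    uintptr_t hint = (HINT_BASE + (r % HINT_SPAN)) & ~(page - 1);

    void *p = mmap((void *)hint, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (hint_honored)
        *hint_honored = (p != MAP_FAILED && (uintptr_t)p == hint);
    return p;
}

/* Self-check: map one page, verify alignment, touch it, unmap.
 * Returns 1 on success and 0 on any failure. */
int mmap_random_hint_selftest(void)
{
    int honored = 0;
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    void *p = mmap_random_hint(page, &honored);
    if (p == MAP_FAILED)
        return 0;
    if ((uintptr_t)p % page != 0) { munmap(p, page); return 0; }
    memset(p, 0xA5, page);                 /* the mapping must be usable */
    int ok = ((unsigned char *)p)[page - 1] == 0xA5;
    munmap(p, page);
    return ok;
}

int main(void)
{
    for (int i = 0; i < 4; i++) {
        int honored;
        void *p = mmap_random_hint(4096, &honored);
        if (p == MAP_FAILED) { perror("mmap"); return 1; }
        printf("mapping %d at %p (hint %s)\n", i, p,
               honored ? "honored" : "ignored by kernel");
        munmap(p, 4096);
    }
    return 0;
}
```

Running the stand-alone main a few times shows the mappings landing at unrelated addresses across the hint range, which is the effect the kernel patch aims for without any cooperation from the C library. Two caveats a practitioner should keep in mind: a hint that is rejected (out of range, below vm.mmap_min_addr, or already occupied) costs nothing but yields no entropy, and randomizing only glibc's own allocations does nothing for the DSO and stack placement the quoted reply raises, which is why the message prefers fixing this in the kernel.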