Download pdf - Linux Protections Against Exploits

1. ASLR 0931

2. ASLR - ASLR - ASLR Heap - ASLR - ASLR mmap - ASLR - - ASLR -

3. ASLR ASLR - . ASLR ) ( - . ASLR 21.6.2 )5002 (May - . PaX exec-shield . - 5002 - PaX 1002 .

4. ASLR ASLR - . EIP : - IP )(EIP

5. ASLR ) (cat ASLR - :

6. ASLR

7. ASLR - : 0000x0804e 0000x0804e HEAP0000xbffea 0000xbffea Stack000760x00b 000760x00b Libc000840800x 000840800x

8. ASLR - ASLR .- . IP )(EIP )????????(

9. ASLR ) (cat ASLR - :

10. ASLR

11. ASLR : - 000606800x 00000x08dd HEAP000610xbfe 0008280xbf Stack000760x00b 000760x00b Libc000840800x 000840800x HEAP STACK .

12. ASLR ASLR . - . - ASLR 21.6.2 . - 5002 )21.6.2( ASLR PaX 1002 . - ASLR ELF . - ) ELF ( .

13. ASLR ASLR - :

14. ASLR

15. ASLR - ASLR : MMU ) (embedded - include/mm.h . MMU . - ) 93.6.2( MMU - . MMU CPU - ... .

16. ASLR

17. ASLR : -

18. ASLR

19. ASLR personality.h . - )( mmap : -

20. ASLR /include/linux/sysctl.h )( sysctl . - . - KERN_RANDOMIZE - . ISA UniCore PKUnity SoC heap - arch/unicore32/kernel/process.c arch/unicore32/include/asm/elf.h .

21. ASLR - . ),ARM, MIPS - TILE ...( 68 x . ASLR 68 x : - . - )(.mmap - .heap - . -

22. ASLR . - )( load_elf_binary - fs/binfmt_elf.c .

23. ASLR - : : Current . ) (include/linux/personality.h ADDR_NO_RANDOMIZE randomize_va_space ) (PF_RANDOMIZE . ASLR .

24. ASLR )( setup_arg_pages ToS - . )( randomize_stack_top - .

25. ASLR )() randomize_stack_top ( - . - . random_variable . - PAGE_ALIGN PAGE random_variable PAGE_ALIGN . PAGE_ALIGN ) .(RISC

26. ASLR random_variable - )( get_random_int PAGE_SHIFT . PAGE_SHIFT 68 x 21 : - ).(arch/x86/include/asm/page_types.h )( get_random_int STACK_RND_MASK random_variable ) (. STACK_RND_MASK ) ( .

27. PAGE_SHIFT - PAGING PAGE . PAGE asm/page.h ) .(PAGE_SIZE - . - PAGE PAGE . - PAGE - PAGE . PAGE_SHIFT . -

28. PAGE_SHIFT 21 PAGE . 212 = 6904 = PAGE_SIZE A B C D E F G H I J K L M N O P Q PAGE PAGE 0 0 0 0 0 0 0 0 0 0 0 0 A B C D E 21 PAGE PAGE_SHIFT 21 .

29. ASLR )( get_random_int drivers/char/random.c - : HASH ) (CPU )( get_keyptr keyptr HASH PID HASH )( half_md4_transform

30. ASLR )( half_md4_transform lib/halfmd4.c - 4 MD 8 XOR AND .

31. ASLR ASLR 4 4) MD - ( . : - . - . - . - ASLR 21.6.2 . - STACK_RND_MASK - ).. (Binfmt_elf.c ASLR 11 7402 .

32. ASLR heap fs/binfmt_elf.c - . PF_RANDOMIZE randomize_va_space heap )( arch_randomize_brk .

33. ASLR heap heap )( arch_randomize_brk - arch/x86/kernel/process.c : randomize_range heap .

34. ASLR heap )( randomize_range drivers/char/random.c - . PAGE_ALIGN)( get_random_int .

35. ASLR )(mmap mmap ASLR - arch . )( arch_pick_mmap_layout )( mmap_legacy_base )( mmap_base .

36. ASLR )(mmap ) ( .

37. ASLR )(mmap )( mmap_rnd .

38. ASLR )(mmap mmap )( mmap_rnd ) Stack )( (get_random_int . 23 8 46 82 .

39. ASLR ASLR - . ASLR - PaX ) (. ASLR heap mmap . - PID - . 4 MD - .

40. : [email protected]