Linux Protections Against Exploits

DESCRIPTION

An analysis of how ASLR works in Linux. All examples are on CentOS 5. The slides are written in Farsi (Persian), which for now is the only option.

Transcript

  • 1. ASLR 0931
  • 2. ASLR - ASLR - ASLR Heap - ASLR - ASLR mmap - ASLR - - ASLR -
  • 3. ASLR ASLR - . ASLR ( ) - . ASLR 2.6.12 (May 2005) - . PaX exec-shield . - 2005 - PaX 2001 .
  • 4. ASLR ASLR - . EIP : - IP (EIP)
  • 5. ASLR (cat) ASLR - :
  • 6. ASLR
  • 7. ASLR - : 0000x0804e 0000x0804e HEAP0000xbffea 0000xbffea Stack000760x00b 000760x00b Libc000840800x 000840800x
  • 8. ASLR - ASLR .- . IP (EIP) (????????)
  • 9. ASLR (cat) ASLR - :
  • 10. ASLR
  • 11. ASLR : - 000606800x 00000x08dd HEAP000610xbfe 0008280xbf Stack000760x00b 000760x00b Libc000840800x 000840800x HEAP STACK .
  • 12. ASLR ASLR . - . - ASLR 2.6.12 . - 2005 (2.6.12) ASLR PaX 2001 . - ASLR ELF . - ( ELF ) .
  • 13. ASLR ASLR - :
  • 14. ASLR
  • 15. ASLR - ASLR : MMU (embedded) - include/mm.h . MMU . - (2.6.39) MMU - . MMU CPU - ... .
  • 16. ASLR
  • 17. ASLR : -
  • 18. ASLR
  • 19. ASLR personality.h . - mmap() : -
  • 20. ASLR /include/linux/sysctl.h sysctl() . - . - KERN_RANDOMIZE - . ISA UniCore PKUnity SoC heap - arch/unicore32/kernel/process.c arch/unicore32/include/asm/elf.h .
  • 21. ASLR - . (ARM, MIPS - TILE ...) x86 . ASLR x86 : - . - mmap(). - heap. - . -
  • 22. ASLR . - load_elf_binary() - fs/binfmt_elf.c .
  • 23. ASLR - : : Current . (include/linux/personality.h) ADDR_NO_RANDOMIZE randomize_va_space (PF_RANDOMIZE) . ASLR .
  • 24. ASLR setup_arg_pages() ToS - . randomize_stack_top() - .