بررسی روشهای جلوگیری از کارکرد اکسپلویت ها در لینوکس قسمت یکم – ASLR محمد گلیانی خرداد 1390
Linux Protections Against Exploits
DESCRIPTION
An analysis of how ASLR works in Linux. All examples are on CentOS 5. The slides are written in Farsi (Persian), which is currently the only language available.
Citation preview
1. ASLR 1390
2. ASLR - ASLR - ASLR Heap - ASLR - ASLR mmap - ASLR - - ASLR
-
3. ASLR ASLR - . ASLR ( ) - . ASLR 2.6.12 (May 2005) - . PaX
exec-shield . - 2005 - PaX 2001 .
4. ASLR ASLR - . EIP : - IP (EIP)
5. ASLR (cat) ASLR - :
6. ASLR
7. ASLR - : 0x0804e000 0x0804e000 HEAP 0xbffea000 0xbffea000
Stack 0x00b67000 0x00b67000 Libc 0x08048000 0x08048000
8. ASLR - ASLR .- . IP (EIP) (????????)
9. ASLR (cat) ASLR - :
10. ASLR
11. ASLR : - 0x08606000 0x08dd0000 HEAP 0xbfe16000 0xbf828000
Stack 0x00b67000 0x00b67000 Libc 0x08048000 0x08048000 HEAP STACK
.
12. ASLR ASLR . - . - ASLR 2.6.12 . - 2005 (2.6.12) ASLR PaX
2001 . - ASLR ELF . - ( ELF ) .
13. ASLR ASLR - :
14. ASLR
15. ASLR - ASLR : MMU (embedded) - include/mm.h . MMU . -
(2.6.39) MMU - . MMU CPU - ... .
16. ASLR
17. ASLR : -
18. ASLR
19. ASLR personality.h . - mmap() : -
20. ASLR /include/linux/sysctl.h sysctl() . - . -
KERN_RANDOMIZE - . ISA UniCore PKUnity SoC heap -
arch/unicore32/kernel/process.c arch/unicore32/include/asm/elf.h
.
21. ASLR - . (ARM, MIPS, TILE ...) x86 . ASLR x86 : - . -
mmap() . - heap . - . -
22. ASLR . - load_elf_binary() - fs/binfmt_elf.c .
23. ASLR - : : Current . (include/linux/personality.h)
ADDR_NO_RANDOMIZE randomize_va_space (PF_RANDOMIZE) . ASLR .
24. ASLR setup_arg_pages() ToS - . randomize_stack_top() -
.
25. ASLR (randomize_stack_top()) - . - . random_variable . -
PAGE_ALIGN PAGE random_variable PAGE_ALIGN . PAGE_ALIGN
(RISC) .
26. ASLR random_variable - get_random_int() PAGE_SHIFT .
PAGE_SHIFT x86 12 : - (arch/x86/include/asm/page_types.h) .
get_random_int() STACK_RND_MASK random_variable ( ) . STACK_RND_MASK
( ) .
27. PAGE_SHIFT - PAGING PAGE . PAGE asm/page.h (PAGE_SIZE) . -
. - PAGE PAGE . - PAGE - PAGE . PAGE_SHIFT . -
28. PAGE_SHIFT 12 PAGE . $2^{12} = 4096$ = PAGE_SIZE A B C D E F G H
I J K L M N O P Q PAGE PAGE 0 0 0 0 0 0 0 0 0 0 0 0 A B C D E 12
PAGE PAGE_SHIFT 12 .
29. ASLR get_random_int() drivers/char/random.c - : HASH
(CPU) get_keyptr() keyptr HASH PID HASH half_md4_transform()
30. ASLR half_md4_transform() lib/halfmd4.c - MD4 8 XOR AND
.
31. ASLR ASLR MD4 (MD4) - . : - . - . - . - ASLR 2.6.12 . -
STACK_RND_MASK - (Binfmt_elf.c) . ASLR 11 2047 .
32. ASLR heap fs/binfmt_elf.c - . PF_RANDOMIZE
randomize_va_space heap arch_randomize_brk() .
33. ASLR heap heap arch_randomize_brk() -
arch/x86/kernel/process.c : randomize_range heap .
34. ASLR heap randomize_range() drivers/char/random.c - .
PAGE_ALIGN get_random_int() .
35. ASLR mmap() mmap ASLR - arch . arch_pick_mmap_layout()
mmap_legacy_base() mmap_base() .
36. ASLR mmap() ( ) .
37. ASLR mmap() mmap_rnd() .
38. ASLR mmap() mmap mmap_rnd() (get_random_int() Stack) .
32 8 64 28 .
39. ASLR ASLR - . ASLR - PaX ( ) . ASLR heap mmap . - PID - .
MD4 - .
40. : [email protected]