mail@xxxxxxxxxx writes:

> Hey, I read that ASLR is currently (since kernel >=5.18) broken for
> 32bit libs and reduced in effectiveness for 64bit libs... (the issue
> only arises if a lib is over 2MB).
> I confirmed this for myself but only for the 64bit case.
>
> I saw that this issue is being tracked by ubuntu
> (https://bugs.launchpad.net/ubuntu-kernel-tests/+bug/1983357).
> If this is the wrong place and I should instead report it elsewhere I
> am very sorry.

See also https://bugs.debian.org/1024149. Unfortunately, I don't think the
issue found its way upstream until now (thanks). CCing relevant maintainers
(per the Debian bug).

> Sources:
> https://zolutal.github.io/aslrnt/ # the page of the original
> discoverer of the bug - as far as I know
> https://infosec.exchange/@wdormann/111744168574317113
>
> How I checked that this issue is present (I used bat because it
> includes libcrypto which is a lot bigger than 2MB and not on the edge
> of 2MB like libc):
> ```python
> from subprocess import check_output
>
> def check_bit_usage(cmd):
>     # OR together the base address of the first matching mapping
>     # over many fresh processes: a bit that is never set in the
>     # result was never randomized.
>     res = 0x0
>     for _ in range(0, 1000):
>         out = check_output(cmd, shell=True).decode()
>         base_address = int(out.split("-")[0], 16)
>         res |= base_address
>     return hex(res)
>
> result = check_bit_usage("cat /proc/self/maps | grep ld-linux | head -n1")
> print(f"Result for ld-linux (smaller than 2MB): {result}")
>
> result = check_bit_usage("bat /proc/self/maps | grep libcrypto | head -n1")
> print(f"Result for libcrypto (bigger than 2MB): {result}")
> ```
>
> Output:
> ```
> Result for ld-linux (smaller than 2MB): 0x7ffffffff000
> Result for libcrypto (bigger than 2MB): 0x7fffffe00000
> ```
>
> This is my first time reporting an issue to the kernel so if anything
> is inappropriate please let me know.
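The reporter's script ORs together the base of one hand-picked library per run. As an added example (not code from the thread or from any of the people on it), the script below generalizes that check to every file-backed object in a maps dump: it parses /proc/<pid>/maps directly instead of going through grep/head, records the whole span the loader reserved for each object, and computes the mask of bits that actually changed between runs (set in some run, clear in another) rather than just the bits that were ever set. The lowest bit in that mask is the effective alignment ASLR granted the object; bit 12 means page granularity, bit 21 means the 2 MiB granularity the report describes for large libraries. The two embedded maps dumps are constructed sample data with made-up addresses; the library paths and the 2 MiB threshold are assumptions taken from the report.

```python
# Added example: estimate per-object ASLR granularity from repeated maps dumps.
import re
import subprocess
from collections import defaultdict

# address range, perms, offset, dev, inode, optional pathname
MAPS_LINE = re.compile(
    r"^([0-9a-f]+)-([0-9a-f]+)\s+\S+\s+\S+\s+\S+\s+\d+\s*(\S.*)?$")

PAGE_BIT = 12                 # 4 KiB pages: full randomization varies from bit 12 up
TWO_MIB = 2 * 1024 * 1024     # threshold named in the report


def parse_mappings(maps_text):
    """{path: (base, span)} for each file-backed object in one maps dump.

    base is the lowest start address of the object; span reaches from there
    to its highest end address, i.e. the whole region the loader reserved.
    """
    lowest, highest = {}, {}
    for line in maps_text.splitlines():
        m = MAPS_LINE.match(line)
        if not m or not m.group(3) or not m.group(3).startswith("/"):
            continue  # anonymous, [heap], [stack], [vdso] ...
        start, end, path = int(m.group(1), 16), int(m.group(2), 16), m.group(3)
        lowest[path] = min(start, lowest.get(path, start))
        highest[path] = max(end, highest.get(path, end))
    return {p: (lowest[p], highest[p] - lowest[p]) for p in lowest}


def summarize(samples):
    """Combine maps dumps from many independent process runs.

    or_mask holds the bits that were 1 in any run, and_mask the bits that
    were 1 in every run.  Bits in or_mask but not in and_mask really varied.
    """
    or_mask, and_mask, span = defaultdict(int), {}, {}
    for text in samples:
        for path, (base, size) in parse_mappings(text).items():
            or_mask[path] |= base
            and_mask[path] = and_mask.get(path, base) & base
            span[path] = size
    return {
        path: {"span": span[path], "or": or_mask[path], "and": and_mask[path],
               "varying": or_mask[path] & ~and_mask[path]}
        for path in or_mask
    }


def lowest_randomized_bit(varying):
    """Index of the least significant bit that changed between runs, or None."""
    if varying == 0:
        return None
    return (varying & -varying).bit_length() - 1


def reduced_entropy(summary, expected_bit=PAGE_BIT):
    """Paths whose base never moved at a finer granularity than 2**expected_bit."""
    findings = {}
    for path, info in summary.items():
        low = lowest_randomized_bit(info["varying"])
        if low is None or low > expected_bit:
            findings[path] = low
    return findings


def collect_live(runs=1000):
    """Spawn `cat /proc/self/maps` repeatedly; every run is a fresh address space."""
    return [subprocess.run(["cat", "/proc/self/maps"], capture_output=True,
                           text=True, check=True).stdout for _ in range(runs)]


# Constructed sample dumps (made-up addresses) standing in for two live runs.
SAMPLE_A = """\
7f1234567000-7f1234589000 r--p 00000000 08:01 123   /usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2
7f1234589000-7f12345af000 r-xp 00022000 08:01 123   /usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2
7f1230200000-7f1230400000 r--p 00000000 08:01 456   /usr/lib/x86_64-linux-gnu/libcrypto.so.3
7f1230400000-7f1230800000 r-xp 00200000 08:01 456   /usr/lib/x86_64-linux-gnu/libcrypto.so.3
7ffd12345000-7ffd12366000 rw-p 00000000 00:00 0     [stack]
"""
SAMPLE_B = """\
7f9876546000-7f9876568000 r--p 00000000 08:01 123   /usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2
7f9876568000-7f987658e000 r-xp 00022000 08:01 123   /usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2
7f8800000000-7f8800200000 r--p 00000000 08:01 456   /usr/lib/x86_64-linux-gnu/libcrypto.so.3
7f8800200000-7f8800600000 r-xp 00200000 08:01 456   /usr/lib/x86_64-linux-gnu/libcrypto.so.3
7ffc0a1b2000-7ffc0a1d3000 rw-p 00000000 00:00 0     [stack]
"""

if __name__ == "__main__":
    summary = summarize(collect_live())
    for path, info in sorted(summary.items()):
        low = lowest_randomized_bit(info["varying"])
        big = " (>= 2 MiB)" if info["span"] >= TWO_MIB else ""
        flag = "  <-- coarser than page alignment" if (low or 0) > PAGE_BIT else ""
        print(f"{path}{big}: span={info['span'] // 1024} KiB, "
              f"lowest randomized bit={low}{flag}")
```

With only two constructed dumps the varying mask is sparse, so `reduced_entropy` is only meaningful on a large number of live runs (the reporter used 1000): a bit that ASLR does randomize has roughly a 2^-(n-1) chance of never flipping across n runs. To reproduce the report's libcrypto case, swap the `cat` in `collect_live` for a binary that links a library larger than 2 MiB, as the reporter did with bat.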