Hi..

On Mon, Oct 18, 2010 at 10:44, Dave Hylands <dhylands@xxxxxxxxx> wrote:
> The reason for doing this is to make it more difficult for certain
> exploits to work. Stack overwrite exploits typically require that the
> stack be at a particular location. By randomizing it, it makes this
> particular type of exploit much more difficult to create.

Uhm....: (CentOS 5.5, kernel version 2.6.18-194.17.1.el5)

$ sudo sh -c " echo 0 > /proc/sys/kernel/randomize_va_space "
$ cat /proc/self/maps
002b6000-002b7000 r-xp 002b6000 00:00 0          [vdso]
009fc000-00a17000 r-xp 00000000 fd:00 1245187    /lib/ld-2.5.so
00a17000-00a18000 r-xp 0001a000 fd:00 1245187    /lib/ld-2.5.so
00a18000-00a19000 rwxp 0001b000 fd:00 1245187    /lib/ld-2.5.so
00a1b000-00b6d000 r-xp 00000000 fd:00 1245201    /lib/libc-2.5.so
00b6d000-00b6f000 r-xp 00152000 fd:00 1245201    /lib/libc-2.5.so
00b6f000-00b70000 rwxp 00154000 fd:00 1245201    /lib/libc-2.5.so
00b70000-00b73000 rwxp 00b70000 00:00 0
08048000-0804d000 r-xp 00000000 fd:00 229469     /bin/cat
0804d000-0804e000 rw-p 00004000 fd:00 229469     /bin/cat
0804e000-0806f000 rw-p 0804e000 00:00 0          [heap]
b7df1000-b7ff1000 r--p 00000000 fd:00 372402     /usr/lib/locale/locale-archive
b7ff1000-b7ff3000 rw-p b7ff1000 00:00 0
bffea000-bffff000 rw-p bffe9000 00:00 0          [stack]

So, IMO, randomizing the address space does play some role here, but not entirely... I believe the kernel reserves the last page near 0x C000 000 for some kind of marker. Perhaps a guard page, canary or something like that...

-- 
regards,

Mulyadi Santosa
Freelance Linux trainer and consultant

blog: the-hydra.blogspot.com
training: mulyaditraining.blogspot.com
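The check the post performs by eye (does the [stack] mapping move between runs, and how far below the top of user space does it end?) can be done programmatically. The following is an added example written for this thread, not code from the post or from the kernel; it parses the maps output quoted above (embedded as SAMPLE_MAPS), compares the [stack] start across several snapshots, and assumes the 32-bit x86 3G/1G split, so that user space ends at 0xC0000000. The second, shifted snapshot is constructed to show what a randomized stack looks like; `sample_live_maps` collects real snapshots on a Linux host.

```python
"""Check whether ASLR is moving the stack by parsing /proc/<pid>/maps.

Added example for the kernelnewbies thread; not the kernel's or the
poster's code. SAMPLE_MAPS is the output quoted in the post; the boundary
constant assumes 32-bit x86 with the default 3G/1G split.
"""
import re
import subprocess
from collections import namedtuple

# One maps line: start-end perms offset dev inode [path]; path may be empty.
MAPS_LINE = re.compile(
    r"^([0-9a-f]+)-([0-9a-f]+)\s+(\S{4})\s+([0-9a-f]+)\s+(\S+)\s+(\d+)\s*(.*)$"
)

Region = namedtuple("Region", "start end perms offset dev inode path")

# Top of user space on 32-bit x86 with the 3G/1G split (assumption).
USER_SPACE_END = 0xC0000000


def parse_maps(text):
    """Parse the text of a maps file into a list of Region records."""
    regions = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = MAPS_LINE.match(line)
        if m is None:
            raise ValueError("unrecognised maps line: %r" % line)
        start, end, perms, offset, dev, inode, path = m.groups()
        regions.append(Region(int(start, 16), int(end, 16), perms,
                              int(offset, 16), dev, int(inode), path))
    return regions


def find_region(regions, path):
    """Return the first region whose path column equals path, e.g. '[stack]'."""
    for r in regions:
        if r.path == path:
            return r
    return None


def gap_below_user_space_end(stack):
    """Bytes between the top of the [stack] mapping and USER_SPACE_END."""
    return USER_SPACE_END - stack.end


def stack_randomized(maps_texts):
    """True if the [stack] start address differs across the given snapshots."""
    starts = {find_region(parse_maps(t), "[stack]").start for t in maps_texts}
    return len(starts) > 1


def sample_live_maps(n=5):
    """Spawn n fresh processes and collect their own maps text (Linux only)."""
    return [subprocess.run(["cat", "/proc/self/maps"], capture_output=True,
                           text=True, check=True).stdout for _ in range(n)]


# Maps output quoted in the post (randomize_va_space = 0).
SAMPLE_MAPS = """\
002b6000-002b7000 r-xp 002b6000 00:00 0          [vdso]
009fc000-00a17000 r-xp 00000000 fd:00 1245187    /lib/ld-2.5.so
00a17000-00a18000 r-xp 0001a000 fd:00 1245187    /lib/ld-2.5.so
00a18000-00a19000 rwxp 0001b000 fd:00 1245187    /lib/ld-2.5.so
00a1b000-00b6d000 r-xp 00000000 fd:00 1245201    /lib/libc-2.5.so
00b6d000-00b6f000 r-xp 00152000 fd:00 1245201    /lib/libc-2.5.so
00b6f000-00b70000 rwxp 00154000 fd:00 1245201    /lib/libc-2.5.so
00b70000-00b73000 rwxp 00b70000 00:00 0
08048000-0804d000 r-xp 00000000 fd:00 229469     /bin/cat
0804d000-0804e000 rw-p 00004000 fd:00 229469     /bin/cat
0804e000-0806f000 rw-p 0804e000 00:00 0          [heap]
b7df1000-b7ff1000 r--p 00000000 fd:00 372402     /usr/lib/locale/locale-archive
b7ff1000-b7ff3000 rw-p b7ff1000 00:00 0
bffea000-bffff000 rw-p bffe9000 00:00 0          [stack]
"""

# Constructed second snapshot: same layout, stack shifted down as ASLR would.
SHIFTED_MAPS = SAMPLE_MAPS.replace("bffea000-bffff000", "bfe8a000-bfe9f000")


if __name__ == "__main__":
    stack = find_region(parse_maps(SAMPLE_MAPS), "[stack]")
    print("stack %08x-%08x, gap below 0x%X: 0x%x bytes"
          % (stack.start, stack.end, USER_SPACE_END,
             gap_below_user_space_end(stack)))
    print("quoted snapshot repeated twice, randomized:",
          stack_randomized([SAMPLE_MAPS, SAMPLE_MAPS]))
    print("quoted vs. shifted snapshot, randomized:",
          stack_randomized([SAMPLE_MAPS, SHIFTED_MAPS]))
    try:
        print("live processes on this host, randomized:",
              stack_randomized(sample_live_maps()))
    except (OSError, subprocess.CalledProcessError):
        print("no /proc/self/maps here; live check skipped")
```

On the quoted output the stack ends at 0xbffff000, exactly one 4 KiB page below 0xC0000000; running the live check with randomize_va_space at 0 and then at its default value shows the start address fixed in the first case and varying in the second.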