  1. #1

    Randomization Even Prior to 2.6.18


    I'm doing a presentation for school on attacks against address space layout randomization. I plan on demonstrating either a return-to-libc attack or a similar ROP technique using

    I've read 'Hacking - The Art of Exploitation' which describes the technique. It's the same type of ROP used in return-to-libc except you use instead of On kernel versions prior to 2.6.18, ASLR could still be bypassed because (and, I assume) were still always loaded at the same address.

    So my project should be as simple as using a distro compiled with anything pre-2.6.18, right? Not exactly. I've done just that with Fedora Core 5 and 4 (kernel 2.6.15 and 2.6.11 respectively) but and and everything else for that matter are still loaded at random addresses each time I check using ldd. It doesn't matter whether ASLR is turned on or off in /proc/sys/kernel/randomize_va_space (even though it's supposed to work with it set to 0).

    If I am using a kernel prior to 2.6.18, what could be causing these libraries to still be loaded randomly?
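
As an added example (not part of the original post), here is a small C program that checks the same thing the poster is checking with ldd, but from inside a running process: it re-executes itself a few times through /proc/self/exe, has each child print the address of libc's system(), a stack variable and a heap chunk, then counts how many distinct values appeared for each. It also prints the current /proc/sys/kernel/randomize_va_space setting so the two can be compared in one run. The file name aslr_probe.c, the helper names and the RUNS count are my own choices, and it assumes Linux with /proc mounted. On a PIE toolchain the main executable moves as well; build with -no-pie if you want the text segment at a fixed address.

```c
/* aslr_probe.c (added example, not from the original thread)
   Build: gcc -O0 -o aslr_probe aslr_probe.c        (add -no-pie for a fixed text segment)
   Run:   ./aslr_probe            parent mode: spawns RUNS children and summarises
          ./aslr_probe --child    child mode: prints "libc=... stack=... heap=..." */
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>
#include <unistd.h>
#include <sys/wait.h>

#define RUNS 8   /* number of child runs to sample (my choice) */

/* Count distinct values in an array; this is what tells us whether a region moved. */
size_t distinct_count(const uintptr_t *v, size_t n) {
    size_t count = 0;
    for (size_t i = 0; i < n; i++) {
        size_t j;
        for (j = 0; j < i; j++)
            if (v[j] == v[i]) break;
        if (j == i) count++;
    }
    return count;
}

/* Parse one child line "libc=<hex> stack=<hex> heap=<hex>" into three values.
   Returns 1 on success, 0 on malformed input. */
int parse_probe_line(const char *line, uintptr_t *libc, uintptr_t *stack, uintptr_t *heap) {
    unsigned long long a, b, c;
    if (sscanf(line, "libc=%llx stack=%llx heap=%llx", &a, &b, &c) != 3) return 0;
    *libc = (uintptr_t)a; *stack = (uintptr_t)b; *heap = (uintptr_t)c;
    return 1;
}

/* Read the kernel knob the poster mentions; -1 if it cannot be read. */
int read_randomize_va_space(void) {
    FILE *f = fopen("/proc/sys/kernel/randomize_va_space", "r");
    int v = -1;
    if (!f) return -1;
    if (fscanf(f, "%d", &v) != 1) v = -1;
    fclose(f);
    return v;
}

/* Child: print one address from each region of interest.  system() lives in
   libc, so its address moves exactly when libc's load base moves. */
static void child_mode(void) {
    char stack_var;
    void *heap_var = malloc(16);
    printf("libc=%llx stack=%llx heap=%llx\n",
           (unsigned long long)(uintptr_t)system,
           (unsigned long long)(uintptr_t)&stack_var,
           (unsigned long long)(uintptr_t)heap_var);
    free(heap_var);
}

int main(int argc, char **argv) {
    if (argc > 1 && strcmp(argv[1], "--child") == 0) { child_mode(); return 0; }

    uintptr_t libc[RUNS], stack[RUNS], heap[RUNS];
    for (int i = 0; i < RUNS; i++) {
        int fd[2];
        if (pipe(fd) != 0) { perror("pipe"); return 1; }
        pid_t pid = fork();
        if (pid < 0) { perror("fork"); return 1; }
        if (pid == 0) {
            /* Child: send stdout down the pipe and re-exec ourselves. */
            dup2(fd[1], STDOUT_FILENO); close(fd[0]); close(fd[1]);
            execl("/proc/self/exe", argv[0], "--child", (char *)NULL);
            _exit(127);
        }
        close(fd[1]);
        char line[128] = {0};
        ssize_t n = read(fd[0], line, sizeof line - 1);
        close(fd[0]);
        waitpid(pid, NULL, 0);
        if (n <= 0 || !parse_probe_line(line, &libc[i], &stack[i], &heap[i])) {
            fprintf(stderr, "child %d produced no usable output\n", i);
            return 1;
        }
        fputs(line, stdout);
    }
    printf("randomize_va_space=%d\n", read_randomize_va_space());
    printf("distinct libc bases: %zu/%d, stack: %zu/%d, heap: %zu/%d\n",
           distinct_count(libc, RUNS), RUNS,
           distinct_count(stack, RUNS), RUNS,
           distinct_count(heap, RUNS), RUNS);
    return 0;
}
```

With randomization active every column should read close to 8/8; with the knob at 0 and a kernel that honours it, every column should read 1/8. Comparing the two runs side by side is a quicker check than eyeballing ldd output, because the counts come from the process's own view of where libc was mapped.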

  2. #2
    Rubberman (Linux Guru):
    It is possible that the kernels in question had been patched to fix this issue.
