  1. #1
    Just Joined!
    Join Date
    Apr 2013
    Posts
    1

    linux-gate.so Randomization Even Prior to 2.6.18


    Greetings,

    I'm doing a presentation for school on attacks against address space layout randomization. I plan on demonstrating either a return-to-libc attack or a similar ROP technique using linux-gate.so.

    I've read 'Hacking - The Art of Exploitation' which describes the linux-gate.so technique. It's the same type of ROP used in return-to-libc except you use linux-gate.so instead of libc.so. On kernel versions prior to 2.6.18, ASLR could still be bypassed because linux-gate.so (and libc.so, I assume) were still always loaded at the same address.

    So my project should be as simple as using a distro compiled with anything pre-2.6.18, right? Not exactly. I've done just that with Fedora Core 5 and 4 (kernel 2.6.15 and 2.6.11 respectively) but linux-gate.so and libc.so and everything else for that matter are still loaded at random addresses each time I check using ldd. It doesn't matter whether ASLR is turned on or off in /proc/sys/kernel/randomize_va_space (even though it's supposed to work with it set to 0).

    If I am using a kernel prior to 2.6.18, what could be causing these libraries to still be loaded randomly?

  2. #2
    Linux Guru Rubberman
    Join Date
    Apr 2009
    Location
    I can be found either 40 miles west of Chicago, in Chicago, or in a galaxy far, far away.
    Posts
    11,539
    It is possible that the kernels in question had been patched to fix this issue.
    Sometimes, real fast is almost as good as real time.
    Just remember, Semper Gumbi - always be flexible!
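
The check described in the first post (running `ldd` repeatedly and comparing load addresses), as an added example that is not part of the thread: it parses several captured `ldd` outputs and reports, per library, whether the base address changed between runs and which address bits varied. The sample outputs and the function names `parse_ldd` and `compare_runs` are constructed for illustration.

```python
import re

# Constructed sample: three `ldd` outputs for one binary. Addresses are invented.
SAMPLE_RUNS = [
    """
    linux-gate.so.1 =>  (0x00b1f000)
    libc.so.6 => /lib/libc.so.6 (0x00a6c000)
    /lib/ld-linux.so.2 (0x00a4e000)
    """,
    """
    linux-gate.so.1 =>  (0x0052d000)
    libc.so.6 => /lib/libc.so.6 (0x00a6c000)
    /lib/ld-linux.so.2 (0x00a4e000)
    """,
    """
    linux-gate.so.1 =>  (0x00e83000)
    libc.so.6 => /lib/libc.so.6 (0x00a6c000)
    /lib/ld-linux.so.2 (0x00a4e000)
    """,
]

# Matches "name => path (0xADDR)", "name =>  (0xADDR)" and "path (0xADDR)".
LDD_LINE = re.compile(r"^\s*(\S+)\s+(?:=>\s*(?:\S+\s+)?)?\((0x[0-9a-fA-F]+)\)\s*$")

def parse_ldd(text):
    """Return {library name: load address} for one ldd output."""
    mapping = {}
    for line in text.splitlines():
        m = LDD_LINE.match(line)
        if m:  # lines without an address (e.g. "not found") are skipped
            mapping[m.group(1)] = int(m.group(2), 16)
    return mapping

def compare_runs(outputs):
    """Per library present in every run: did the base move, and in which bits?"""
    runs = [parse_ldd(o) for o in outputs]
    common = set(runs[0]).intersection(*runs[1:])
    report = {}
    for name in sorted(common):
        addrs = [r[name] for r in runs]
        varying = 0
        for a in addrs[1:]:
            varying |= a ^ addrs[0]  # accumulate every bit that ever differed
        report[name] = {"randomized": varying != 0,
                        "distinct": len(set(addrs)),
                        "varying_bits": f"{varying:#010x}"}
    return report

if __name__ == "__main__":
    for name, info in compare_runs(SAMPLE_RUNS).items():
        print(name, info)
```

On a live system, capture the output of `ldd` on the same binary several times and pass the captured strings to `compare_runs` in place of `SAMPLE_RUNS`.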
