tech-userlevel archive


paxctl(8) and ASLR - bug?



As far as I can see, paxctl(8) doesn't work as expected on NetBSD current
and 5.1. The following typescript shows that library load
addresses stay the same after enabling PaX ASLR for the program.
The executable load address, on the other hand, is randomized normally.
It looks like a bug. What am I doing wrong?

=============================================================
0 ~>sysctl -a | grep security.pax.aslr
security.pax.aslr.enabled = 1
security.pax.aslr.global = 0
security.pax.aslr.mmap_len = 32
security.pax.aslr.stack_len = 12
security.pax.aslr.exec_len = 12

0 0 ~>cat main.c
#include <stdio.h>

int main(void)
{
        printf ("%p\n", &main);
        return 0;
}

0 ~>cc -pie -fPIE -o main main.c -lz -llzma -lm

0 ~>./main
0x200950

0 ~>./main
0x200950

0 ~>ldd -f '%o -> %x\n' ./main
z -> 0x7f7ff7000000
c -> 0x7f7ff6400000
lzma -> 0x7f7ff6c00000
m -> 0x7f7ff6800000

0 ~>ldd -f '%o -> %x\n' ./main
z -> 0x7f7ff7000000
c -> 0x7f7ff6400000
lzma -> 0x7f7ff6c00000
m -> 0x7f7ff6800000

0 ~>paxctl +A ./main

0 ~>./main
0x1a4e01950

0 ~>./main
0x174401950

0 ~>ldd -f '%o -> %x\n' ./main
z -> 0x7f7ff7000000
c -> 0x7f7ff6400000
lzma -> 0x7f7ff6c00000
m -> 0x7f7ff6800000

0 ~>ldd -f '%o -> %x\n' ./main
z -> 0x7f7ff7000000
c -> 0x7f7ff6400000
lzma -> 0x7f7ff6c00000
m -> 0x7f7ff6800000

0 ~>
=============================================================

At the same time, enabling ASLR globally works fine.

=============================================================

0 ~>paxctl ./main
No PaX flags.

0 ~>sysctl security.pax.aslr.global
security.pax.aslr.global = 1

0 ~>./main
0x119a01950

0 ~>./main
0x1c4201950

0 ~>ldd -f '%o -> %x\n' ./main
z -> 0x7ac30a800000
c -> 0x7ac309c00000
lzma -> 0x7ac30a400000
m -> 0x7ac30a000000

0 ~>ldd -f '%o -> %x\n' ./main
z -> 0x6fd77ce00000
c -> 0x6fd77c200000
lzma -> 0x6fd77ca00000
m -> 0x6fd77c600000

0 ~>uname -srm
NetBSD 5.99.52 amd64

0 ~>

=============================================================

-- 
Best regards, Aleksey Cheusov.
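
An in-process counterpart to the `ldd -f '%o -> %x\n'` check in the message above, added here as an example and not part of the original post: it prints the load base of every object as mapped in the running process, so two runs can be compared directly. It assumes a system that provides dl_iterate_phdr(3) in `<link.h>`; `struct hit`, `list_objects` and `locate` are hypothetical names.

```c
#define _GNU_SOURCE   /* glibc exposes dl_iterate_phdr() under this macro */
#include <link.h>
#include <stdint.h>
#include <stdio.h>

struct hit { uintptr_t addr, base; int found; };  /* hypothetical helper type */

/* Print one "name -> base" line per loaded object (name may be empty
 * for the executable itself) and count the objects seen. */
static int print_cb(struct dl_phdr_info *info, size_t size, void *data)
{
    (void)size;
    printf("%s -> %#lx\n", info->dlpi_name, (unsigned long)info->dlpi_addr);
    ++*(int *)data;
    return 0;           /* 0 = keep iterating */
}

/* Stop at the object that has a PT_LOAD segment covering h->addr. */
static int find_cb(struct dl_phdr_info *info, size_t size, void *data)
{
    struct hit *h = data;
    (void)size;
    for (int i = 0; i < info->dlpi_phnum; i++) {
        uintptr_t lo = info->dlpi_addr + info->dlpi_phdr[i].p_vaddr;
        if (info->dlpi_phdr[i].p_type == PT_LOAD &&
            h->addr >= lo && h->addr < lo + info->dlpi_phdr[i].p_memsz) {
            h->base = info->dlpi_addr;
            h->found = 1;
            return 1;   /* non-zero = stop iterating */
        }
    }
    return 0;
}

int list_objects(void) { int n = 0; dl_iterate_phdr(print_cb, &n); return n; }

struct hit locate(uintptr_t addr)
{
    struct hit h = { addr, 0, 0 };
    dl_iterate_phdr(find_cb, &h);
    return h;
}

int main(void)
{
    list_objects();
    printf("object holding &printf: base %#lx\n", (unsigned long)locate((uintptr_t)&printf).base);
    return 0;
}
```

Build it the same way as `main.c` in the message (`cc -pie -fPIE`), run it several times under each PaX setting and compare the printed bases.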

