tech-userlevel archive


Re: paxctl(8) and ASLR - bug?



On 07.06.2011 18:15, Thor Lancelot Simon wrote:
>> Try with paxctl +A $(which ldd).
> 
> Oof!  This isn't safe to do, because it will apply ASLR in cases
> where it is known to be unsafe -- just like enabling it globally
> would.

What cases? I'd expect the impact to be minimal: ldd is a self-contained
executable that walks the dependencies by itself, and does not rely on
the executable to perform the work (except for reading ELF sections).

Modifying its property should not have any real impact on rtld behavior
outside of ldd.

> It seems to me ldd *must* look at the executable and use the ASLR 
> flag value from there, or the enabling of ASLR on a per executable 
> basis cannot really work.

On what grounds? I really can't see what the benefit would be to print
load addresses "under ASLR if ASLR is enabled for the executable" there,
as they would be random.

In fact, I am not even sure that ldd output can be trusted for %x
anyway, even without ASLR: given the way mmap(...) happens, the address
passed as a parameter is a hint. So the library's code can be mapped at
another address, at the system's convenience.

-- 
Jean-Yves Migeon
jeanyves.migeon%free.fr@localhost
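
The mmap(...) behaviour mentioned in the message above, as an added example that is not part of the original post: without MAP_FIXED, a requested address that collides with a live mapping is not honoured, so an address reported in advance is only a prediction. The function names are hypothetical.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE          /* expose MAP_ANON on glibc */
#endif
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical helper: map `len` anonymous bytes, passing `hint` as the
 * requested address without MAP_FIXED. Returns NULL on failure. */
static unsigned char *map_with_hint(void *hint, size_t len)
{
    void *p = mmap(hint, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANON, -1, 0);
    return p == MAP_FAILED ? NULL : (unsigned char *)p;
}

/* Request an address that a live mapping already occupies.
 * Returns 1 if the kernel placed the new mapping elsewhere and left the
 * old one intact, 0 otherwise, -1 if mmap itself failed. */
int hint_relocated_when_occupied(void)
{
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    unsigned char *first = map_with_hint(NULL, len);
    if (first == NULL)
        return -1;
    first[0] = 0xAA;                       /* marker in the existing page */

    unsigned char *second = map_with_hint(first, len);  /* colliding hint */
    if (second == NULL) {
        munmap(first, len);
        return -1;
    }
    /* A fresh anonymous page is zero-filled; the old page keeps its marker. */
    int ok = second != first && second[0] == 0 && first[0] == 0xAA;
    printf("hint %p -> mapped at %p\n", (void *)first, (void *)second);
    munmap(second, len);
    munmap(first, len);
    return ok;
}

int main(void)
{
    return hint_relocated_when_occupied() == 1 ? 0 : 1;
}
```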

