Linux Kernel Programming by Kaiwan N Billimoria
Author:Kaiwan N Billimoria [Kaiwan N Billimoria]
Language: eng
Format: epub
Publisher: Packt Publishing
Published: 2021-03-19T00:00:00+00:00
Randomizing the memory layout – KASLR
In infosec circles, it's a well-known fact that, with the proc filesystem (procfs) and various powerful tools at their disposal, a malicious user who knows in advance the precise location (virtual addresses) of various functions and/or globals within a process's VAS (virtual address space) could devise an attack to exploit and ultimately compromise a given system. Thus, for security, to make it impossible (or at least difficult) for attackers to rely on "known" virtual addresses, user space as well as kernel space supports the ASLR (Address Space Layout Randomization) and KASLR (Kernel ASLR) techniques (often pronounced Ass-ler / Kass-ler).
The keyword here is randomization: this feature, when enabled, changes the location of portions of the process (and kernel) memory layout in terms of absolute numbers, as it offsets portions of memory from a given base address by a random (page-aligned) quantity. What "portions of memory" exactly are we talking about? With respect to user space mappings (we will talk about KASLR later), the starting addresses of shared libraries (their load address), mmap(2)-based allocations (remember that any malloc()/calloc()/realloc() request above 128 KB is served by an mmap-based allocation, not from the heap), the stack start, the heap, and the vDSO page; all of these can be randomized at process run (launch) time.
Hence, an attacker cannot depend on, say, a glibc function (such as system(3)) being mapped at a particular fixed UVA in any given process; not only that, the location will vary every time the process runs! Before ASLR, and on systems where ASLR is unsupported or turned off, the location of symbols can be ascertained in advance for a given architecture and software version (procfs plus utilities like objdump, readelf, nm, and so on make this quite easy).
It's key to realize that [K]ASLR is merely a statistical protection. In fact, typically, not many bits are available for randomization and thus the entropy isn't very good. This implies that the number of possible page-sized offsets is not very large, even on 64-bit systems, which can weaken the implementation.
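The two points above (which mappings get randomized, and how few bits of entropy the randomization really has) can be checked rather than taken on faith. The following Python script is an added example, not code from the book: it parses the /proc/PID/maps text of several runs of the same program, takes the base address of one mapping (stack, heap or libc), and counts the bits above the page offset that actually differ between runs. That count is a lower bound on the randomization entropy, and from it the script computes how likely a single fixed-address guess is to be right, which is exactly the "statistical protection" argument. The maps lines embedded in the script are constructed samples in the real format, not captures from any particular machine; it assumes 4 KiB pages, and the optional live check at the end assumes a Linux /proc.

```python
"""Estimate how many address bits user-space ASLR actually randomizes.

Added example, not the book's code. The maps excerpts in SAMPLE_RUNS are
constructed samples in the /proc/<pid>/maps format (one excerpt per run of
the same binary); they are not captured from a real system.
"""
import os
import re
import subprocess

PAGE_SHIFT = 12  # assumption: 4 KiB pages, so the low 12 bits never vary

# start-end perms offset dev inode [pathname]
MAPS_LINE = re.compile(r"^([0-9a-f]+)-([0-9a-f]+)\s+(\S+)\s+\S+\s+\S+\s+\S+\s*(.*)$")

# Constructed samples: three runs of the same binary with ASLR enabled.
SAMPLE_RUNS = [
    """55d3f1a00000-55d3f1a01000 r--p 00000000 08:01 1234 /usr/bin/cat
55d3f2c3b000-55d3f2c5c000 rw-p 00000000 00:00 0 [heap]
7f1c8e200000-7f1c8e228000 r--p 00000000 08:01 5678 /usr/lib/x86_64-linux-gnu/libc.so.6
7ffd3a1e0000-7ffd3a201000 rw-p 00000000 00:00 0 [stack]""",
    """561a9c400000-561a9c401000 r--p 00000000 08:01 1234 /usr/bin/cat
561a9d7ff000-561a9d820000 rw-p 00000000 00:00 0 [heap]
7f9b32a00000-7f9b32a28000 r--p 00000000 08:01 5678 /usr/lib/x86_64-linux-gnu/libc.so.6
7ffc91b3c000-7ffc91b5d000 rw-p 00000000 00:00 0 [stack]""",
    """5599e0600000-5599e0601000 r--p 00000000 08:01 1234 /usr/bin/cat
5599e1d2a000-5599e1d4b000 rw-p 00000000 00:00 0 [heap]
7fe04d600000-7fe04d628000 r--p 00000000 08:01 5678 /usr/lib/x86_64-linux-gnu/libc.so.6
7ffe6f7a2000-7ffe6f7c3000 rw-p 00000000 00:00 0 [stack]""",
]


def parse_maps(text):
    """Return a list of (start, end, perms, pathname) tuples from maps text."""
    out = []
    for line in text.splitlines():
        m = MAPS_LINE.match(line.strip())
        if m:
            out.append((int(m.group(1), 16), int(m.group(2), 16), m.group(3), m.group(4)))
    return out


def base_of(mappings, name):
    """Lowest start address of the mapping called `name` ('[stack]', '[heap]',
    or a library file name such as 'libc.so.6'); None if it is not mapped."""
    starts = [s for s, _, _, n in mappings if n == name or n.endswith("/" + name)]
    return min(starts) if starts else None


def varying_bits(addresses, page_shift=PAGE_SHIFT):
    """Count the bits above the page offset that are not constant across samples.

    Bits that are identical in every sample contribute no entropy. With n
    samples a truly random bit agrees in all of them with probability 2**(1-n),
    so a small n underestimates the real entropy: this is a lower bound."""
    if len(addresses) < 2:
        return 0
    all_or, all_and = 0, addresses[0]
    for a in addresses:
        all_or |= a
        all_and &= a
    changing = (all_or & ~all_and) >> page_shift
    return bin(changing).count("1")


def entropy_from_runs(runs, name):
    """Lower bound on the randomized bits of mapping `name` over several runs."""
    bases = [base_of(parse_maps(r), name) for r in runs]
    return varying_bits([b for b in bases if b is not None])


def guess_success_probability(bits, attempts):
    """Chance that guessing one fixed address is right within `attempts` tries,
    assuming the randomized offset is uniform over 2**bits page positions."""
    return min(1.0, attempts / float(2 ** bits))


if __name__ == "__main__":
    for name in ("[stack]", "[heap]", "libc.so.6"):
        bits = entropy_from_runs(SAMPLE_RUNS, name)
        print(f"{name:10s} >= {bits:2d} randomized bits, "
              f"single-guess success <= {guess_success_probability(bits, 1):.2e}")

    # Optional live check on a Linux host: sysctl state plus a few real runs.
    knob = "/proc/sys/kernel/randomize_va_space"
    if os.path.exists(knob):
        meaning = {"0": "disabled", "1": "conservative (stack, mmap, vDSO)",
                   "2": "full (also heap/brk)"}
        with open(knob) as f:
            value = f.read().strip()
        print(f"randomize_va_space = {value} ({meaning.get(value, 'unknown')})")
        live = [subprocess.run(["cat", "/proc/self/maps"], capture_output=True,
                               text=True).stdout for _ in range(8)]
        for name in ("[stack]", "[heap]", "libc.so.6"):
            print(f"live {name:10s} >= {entropy_from_runs(live, name)} randomized bits")
```

On a host where ASLR is turned off (randomize_va_space = 0) the live section reports 0 varying bits for every mapping, which is the condition the text warns about: every run places the stack, heap and libc at the same addresses, so they can be read once from procfs and reused. Sampling more runs tightens the lower bound; with only a handful of samples, a bit that really is random will occasionally agree in all of them and go uncounted.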
Let's now briefly look at a few more details regarding both user mode and kernel-mode ASLR (the latter being referred to as KASLR); the following sections cover these areas, respectively.