ASLR & PIE
links: ED TOC - Exploit Mitigations - Index
Claim
ASLR & PIE are mitigations that make it infeasible for an attacker to locate data at a fixed, predictable address.
General - ASLR
Address Space Layout Randomization (ASLR) randomizes the memory layout of a program on every execution, so each new instance of the same program sees a different arrangement of its address space. Hardcoding addresses is therefore not feasible for attackers. ASLR is a runtime-specific exploit mitigation.
General - PIE
Position Independent Executable (PIE) extends this randomization to the program's own executable image: in addition to the stack, heap and shared libraries, the binary's code and data are loaded at a random base. PIE is a compile-time exploit mitigation strategy. It builds on the same idea of randomized addressing as ASLR and is therefore strongly related to it.
Applying ASLR
ASLR is active by default and applied to the following regions:
- Stack
- Heap
- Libraries
ASLR is only applied on exec(..), which launches a new program. Calling fork() does not re-apply ASLR: a forked child receives a copy of the parent's memory layout (and individual forks may use variables shared with the parent).
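The following program is an added example (not code from the original page): it samples one address from each region ASLR randomizes, then checks that a child created with fork() observes exactly the parent's layout, whereas running the binary again (a fresh exec) yields new stack, heap and library addresses; the text address moves between runs only when the binary is built as PIE. It assumes a Linux/glibc-style system with fork(), pipe() and a page size of 4 KiB.

```c
// Added example, not the page's code: one address per region ASLR randomizes,
// plus a check that a fork()ed child inherits the parent's layout unchanged.
#include <inttypes.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>
struct layout {
    uintptr_t stack; // a stack address
    uintptr_t heap;  // page of a fresh malloc() chunk (4 KiB pages assumed)
    uintptr_t lib;   // address of puts() (libc; a PLT stub in non-PIE builds)
    uintptr_t text;  // address of a function in this binary (moves only with PIE)
};
void collect_layout(struct layout *l) {
    l->stack = (uintptr_t)l;                              // l lives in the caller's frame
    l->heap  = (uintptr_t)malloc(16) & ~(uintptr_t)0xFFF; // page only, see child below
    l->lib   = (uintptr_t)&puts;
    l->text  = (uintptr_t)&collect_layout;
}

// 1 if the child sees the same layout as its parent, 0 if not, -1 on error.
// The child samples independently and reports its struct through a pipe.
int fork_preserves_layout(void) {
    struct layout mine, theirs;
    int fd[2];
    if (pipe(fd) != 0) return -1;
    collect_layout(&mine);
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { // child: copied stack, heap and mappings, no re-randomization;
        collect_layout(&mine); // its malloc() hands out the next chunk of the same heap
        _exit(write(fd[1], &mine, sizeof mine) == (ssize_t)sizeof mine ? 0 : 1);
    }
    close(fd[1]);
    ssize_t n = read(fd[0], &theirs, sizeof theirs);
    close(fd[0]);
    waitpid(pid, NULL, 0);
    if (n != (ssize_t)sizeof theirs) return -1;
    return memcmp(&mine, &theirs, sizeof mine) == 0;
}

int main(void) { // run twice: stack/heap/lib move on each exec(); text only if built -pie
    struct layout l;
    collect_layout(&l);
    printf("stack %#" PRIxPTR " heap %#" PRIxPTR " lib %#" PRIxPTR " text %#" PRIxPTR "\n",
           l.stack, l.heap, l.lib, l.text);
    printf("fork() child sees the same layout: %d\n", fork_preserves_layout());
    return 0;
}
```

Build once with `gcc -fpie -pie` and once with `gcc -fno-pie -no-pie` and run each binary twice to see which addresses change between executions.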
Breaking ASLR
Breaking ASLR requires an information disclosure from the victim that reveals its memory layout at runtime. Such a leak lets the attacker learn where particular data is located in that specific instance of the process.