Show pageOld revisionsBacklinksBack to top This page is read only. You can view the source, but not change it. Ask your administrator if you think this is wrong. ===== Overview ===== ASLR (Address Space Layout Randomization) stuff (exec shield?). Links: * [[https://lwn.net/Articles/569635/|Kernel address space layout randomization (LWN, 2013)]] * [[https://linux-audit.com/linux-aslr-and-kernelrandomize_va_space-setting/|Linux and ASLR: kernel/randomize_va_space]] * [[https://securityetalii.es/2013/02/03/how-effective-is-aslr-on-linux-systems/|How Effective is ASLR on Linux Systems? (2013)]] Questions: * What about kernel ASLR (KASLR)? Look for ''RANDOMIZE'' options. ===== Basics ===== Binaries must be position-independent executables, so worthless on statically-compiled binaries. Possible settings: * 0 – No randomization. Everything is static. * 1 – Conservative randomization. Shared libraries, stack, mmap(), VDSO and heap are randomized. * 2 – Full randomization. In addition to elements listed in the previous point, memory managed through brk() is also randomized. ===== Checking and changing ===== Checking: <code> $ sysctl -a --pattern randomize kernel.randomize_va_space = 2 $ </code> Changing: <code> # echo 2 > /proc/sys/kernel/randomize_va_space # sysctl -w kernel.randomize_va_space=2 </code> aslr.txt Last modified: 2018/08/18 14:35by rpjday