On Thu, Aug 27, 2015 at 03:02:59PM +0200, François wrote:
> this is my first message here, I hope I'm not off-topic!
>
> I've been reading [1], and tried on my Gentoo system:
>
> fser@regal /tmp$ ./aslr-test-without
> main @ 0x4005da
> doit @ 0x40059b
> fser@regal /tmp$ ./aslr-test-without
> main @ 0x4005da
> doit @ 0x40059b
> fser@regal /tmp$ ./aslr-test-without
> main @ 0x4005da
> doit @ 0x40059b
>
> and
>
> fser@regal /tmp$ ./aslr-test-withpie
> main @ 0x468f410820
> doit @ 0x468f4107e1
> fser@regal /tmp$ ./aslr-test-withpie
> main @ 0x6d8a0f9820
> doit @ 0x6d8a0f97e1
> fser@regal /tmp$ ./aslr-test-withpie
> main @ 0x33eb5d8820
> doit @ 0x33eb5d87e1
> fser@regal /tmp$ ./aslr-test-withpie
> main @ 0x769c4a5820
> doit @ 0x769c4a57e1
>
> I was under the impression that ASLR was enforced by the kernel, when
> creating a new context for a process.
> Reading the description of [1], I was expecting the address of main (at
> least) to be different.
>
> Can someone explain this behavior to me?
ASLR only works properly with binaries that use Position Independent Code. That means that the generated machine code does not hardcode any (virtual) addresses, and instead uses relative addressing. Some information about this is at https://wiki.gentoo.org/wiki/Hardened/Introduction_to_Position_Independent_Code but the page can benefit from some clean-ups and editing.

With ASLR, applications are given a random base address. With non-PIC applications, this doesn't matter as the base address is hardly used. The code has hardcoded locations anyway, so the (randomized) base address is ignored.

Wkr,
Sven Vermeulen
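The following program is an added example to illustrate the reply above; it is not code from the thread or from the Gentoo wiki page. It makes the PIE/non-PIE difference visible from inside the process, on Linux with glibc (it reads /proc/self/exe and uses dl_iterate_phdr, both assumed available): it reports whether the running executable was linked as ET_EXEC (fixed link address, what the `aslr-test-without` output shows) or ET_DYN (a PIE, what `aslr-test-withpie` shows), and the load bias, i.e. the distance between the address the binary was linked for and the address the kernel actually mapped it at. For an ET_EXEC binary that bias is always 0 because the kernel honours the hardcoded link address; for a PIE it is the (randomized) base the reply describes. The stack, heap and libc addresses it prints are placed by the kernel and the dynamic loader at randomized positions when randomize_va_space is enabled whichever way the binary was linked; only the main executable's own text is pinned by a non-PIE link. The constant distance between `main` and `doit` across runs is the relative addressing the reply mentions. The function names `self_elf_type`, `self_load_bias` and `pie_check_consistent` are my own, not from the thread.

```c
#define _GNU_SOURCE
#include <elf.h>
#include <fcntl.h>
#include <link.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* ELF type of the running executable: ET_EXEC (2), ET_DYN (3), or -1 on error.
 * Read straight from the ELF header of /proc/self/exe (Linux-specific, assumed). */
int self_elf_type(void)
{
    ElfW(Ehdr) ehdr;
    int fd = open("/proc/self/exe", O_RDONLY);
    if (fd < 0)
        return -1;
    ssize_t n = read(fd, &ehdr, sizeof ehdr);
    close(fd);
    if (n != (ssize_t)sizeof ehdr || memcmp(ehdr.e_ident, ELFMAG, SELFMAG) != 0)
        return -1;
    return ehdr.e_type;
}

/* dl_iterate_phdr visits the main program first; dlpi_addr is its load bias. */
static int first_object_cb(struct dl_phdr_info *info, size_t size, void *data)
{
    (void)size;
    *(uintptr_t *)data = (uintptr_t)info->dlpi_addr;
    return 1; /* non-zero stops the iteration after the first object */
}

/* Load bias of the main executable: 0 for ET_EXEC (mapped exactly where it was
 * linked), the chosen/randomized base address for a PIE (ET_DYN). */
uintptr_t self_load_bias(void)
{
    uintptr_t bias = 0;
    dl_iterate_phdr(first_object_cb, &bias);
    return bias;
}

/* 1 when the ELF header and the runtime mapping agree with the explanation in the
 * thread: a fixed-address (ET_EXEC) binary has no bias, a PIE has a non-zero one. */
int pie_check_consistent(void)
{
    int type = self_elf_type();
    uintptr_t bias = self_load_bias();
    if (type == ET_EXEC)
        return bias == 0;
    if (type == ET_DYN)
        return bias != 0;
    return 0;
}

/* Second function, as in the original test, to show the main/doit distance. */
static void doit(void)
{
}

int main(void)
{
    int local = 0;
    void *heap = malloc(16);
    int type = self_elf_type();

    printf("executable type : %s\n",
           type == ET_DYN ? "ET_DYN (PIE)" :
           type == ET_EXEC ? "ET_EXEC (non-PIE)" : "unknown");
    printf("load bias       : %#lx\n", (unsigned long)self_load_bias());
    printf("main            : %p\n", (void *)main);
    printf("doit            : %p\n", (void *)doit);
    printf("main - doit     : %ld (same every run: PIC addresses doit relative to main)\n",
           (long)((intptr_t)main - (intptr_t)doit));
    printf("stack (local)   : %p\n", (void *)&local);
    printf("heap  (malloc)  : %p\n", heap);
    printf("libc  (printf)  : %p\n", (void *)printf);

    free(heap);
    return pie_check_consistent() ? 0 : 1;
}
```

Build it both ways and run each binary a few times: `gcc -fno-pie -no-pie -o aslr-test-without` reproduces the fixed 0x400000-range addresses for main and doit with a load bias of 0, while `gcc -fPIE -pie -o aslr-test-withpie` gives a different base and bias on every run (with /proc/sys/kernel/randomize_va_space at 2). In both cases the stack, heap and libc lines move between runs, which is the part of ASLR that does not depend on how the main executable was linked.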