On 7/8/24 12:37 PM, Will Dormann wrote:
  - Modern (e.g. 6.x kernel) x86 platforms load a large-enough libc at the same address every time. (i.e. no practical ASLR -- "ASLRn't")
  - Modern (e.g. 6.x kernel and large-enough libc) x86_64 platforms running 32-bit code will load a large-enough library at the same address every time.
  - Modern x86_64 systems with the CVE-2024-26621 patch will randomize the load address of large libraries loaded by 32-bit apps.
  - Modern x86 systems with the CVE-2024-26621 patch will NOT randomize the load address of large libraries.  (i.e. is still vulnerable to "ASLRn't" despite the patch)
  - Older Linux (5.x and earlier) randomize loaded libraries as expected.


And just to clarify on my use of terminology in the list above:

When I say "x86" {systems,platforms}, I mean a 32-bit Linux distribution with an i386/i686 kernel and associated userland binaries. This may be virtualized on an x86_64 CPU, or emulated (in my case) on a 32-bit x86 CPU.

When I say "x86_64" {systems,platforms}, I'm referring to a common x86_64 64-bit Linux distro. And on such a distro, you can run 32-bit code if you like. In my case, I compiled test-mmap.c as a 32-bit app by installing gcc-multilib and compiling with gcc -m32.


IOW, "x86" as I use it is 32-bit Linux.  "x86_64" is 64-bit Linux.




-WD
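
The following is an added example, not part of the original message and not the test-mmap.c it mentions: one way to check the behaviour listed above on a given system. It reports where a named library is mapped in the current process and counts how many address bits changed across a set of recorded bases. The function names `lib_base` and `varying_bits` and the default library name "libc" are assumptions made for this sketch.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Lowest start address of any mapping whose line contains `name`, given text
 * in /proc/<pid>/maps format. Returns 0 if no mapping matches. */
unsigned long long lib_base(const char *maps, const char *name)
{
    unsigned long long best = 0;
    for (const char *p = maps; *p; ) {
        const char *eol = strchr(p, '\n');
        size_t len = eol ? (size_t)(eol - p) : strlen(p);
        char line[512];
        size_t n = len < sizeof line ? len : sizeof line - 1;
        memcpy(line, p, n);
        line[n] = '\0';
        if (strstr(line, name)) {
            /* Each line starts "start-end perms ..."; strtoull stops at '-'. */
            unsigned long long start = strtoull(line, NULL, 16);
            if (best == 0 || start < best) best = start;
        }
        p += len + (eol ? 1 : 0);
    }
    return best;
}

/* Number of address bits that differed across the recorded bases.
 * 0 means every run loaded the library at the same address. */
int varying_bits(const unsigned long long *base, size_t n)
{
    unsigned long long diff = 0;
    int bits = 0;
    for (size_t i = 1; i < n; i++) diff |= base[0] ^ base[i];
    for (; diff; diff &= diff - 1) bits++;
    return bits;
}

int main(int argc, char **argv)
{
    const char *name = argc > 1 ? argv[1] : "libc"; /* assumed default */
    static char buf[1 << 16];
    FILE *f = fopen("/proc/self/maps", "r");
    if (!f) { perror("/proc/self/maps"); return 1; }
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    buf[n] = '\0';
    fclose(f);
    printf("%s base: 0x%llx\n", name, lib_base(buf, name));
    return 0;
}
```

Build it both natively and with gcc -m32, run each binary several times, and compare the printed bases; the count from `varying_bits` is only the number of bits seen to change in those samples, not a full entropy estimate.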
