GNU bug report logs - #68961
ASLR seems to be partially broken


Package: guix;

Reported by: Jonathan Brielmaier <jonathan.brielmaier <at> web.de>

Date: Tue, 6 Feb 2024 22:59:02 UTC

Severity: normal



Message #5 received at submit <at> debbugs.gnu.org:

From: Jonathan Brielmaier <jonathan.brielmaier <at> web.de>
To: bug-guix <at> gnu.org
Subject: ASLR seems to be partially broken
Date: Tue, 6 Feb 2024 23:57:53 +0100
Hi,

I found today an interesting blog post about broken ASLR (Address Space
Layout Randomization) on Linux:
https://zolutal.github.io/aslrnt/

Curious if this is also a problem on Guix System I did a quick test.

```
$ cat aslr.py
from subprocess import check_output

# OR the libc base address of 1000 fresh processes together; bits that
# stay 0 in the result were never set, i.e. are not randomised.
result = 0x0
for _ in range(0,1000):
    out = check_output("cat /proc/self/maps | grep libc | head -n1",
                       shell=True).decode()
    base_address = int(out.split('-')[0], 16)
    result |= base_address
print('libc: ' + hex(result))

# Same measurement for the dynamic loader mapping.
resultld = 0x0
for _ in range(0,1000):
    out = check_output("cat /proc/self/maps | grep ld-linux | head -n1",
                       shell=True).decode()
    base_address = int(out.split('-')[0], 16)
    resultld |= base_address
print('ld-linux: ' + hex(resultld))
```

Running this on x86_64 systems of mine results, on two systems, in:
libc: 0x7ffffffa9000
ld-linux: 0x7ffffffff000

On the third system it prints:
libc: 0x7ffffffff000
ld-linux: 0x7ffffffff000

For 32bit it looks even worse (not sure if it's correct to test it like
this):
$ guix shell --system=i686-linux coreutils python -- python3 aslr.py
libc: 0xf7800000
ld-linux: 0xf7fff000

Not sure what we should do here. There seems to be a kernel patch
for Ubuntu available:
https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/noble/commit/?h=master-next&id=760c2b1fa1f5e95be1117bc7b80afb8441d4b002

~Jonathan
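An added measurement script, not part of the report above, that refines the OR test: ORing addresses cannot tell a randomised bit from one that is always 1, so it XORs each sample against the first and counts only bits that actually change, and it also reports how many low bits are fixed in every sample (12 for page-aligned mappings; a larger number means a coarser alignment is eating entropy). The function names and the embedded sample addresses are mine and constructed for illustration.

```python
from subprocess import check_output


def varying_bits(samples):
    """Bitmask of the address bits that change across the samples.
    XOR against the first sample ignores bits that are constantly 1,
    which the report's plain OR would miscount as random."""
    mask = 0
    for addr in samples[1:]:
        mask |= addr ^ samples[0]
    return mask


def common_alignment_bits(samples):
    """Number of low-order bits that are zero in every sample
    (12 for page-aligned mappings; larger means coarser alignment)."""
    merged = 0
    for addr in samples:
        merged |= addr
    return (merged & -merged).bit_length() - 1 if merged else 0


def summarise(samples):
    """Return (random_bits, fixed_low_bits) for a list of base addresses."""
    return bin(varying_bits(samples)).count("1"), common_alignment_bits(samples)


def sample_base(needle, runs=1000):
    """Base address of the first /proc/self/maps line containing `needle`
    in each of `runs` freshly started processes (Linux only)."""
    samples = []
    for _ in range(runs):
        maps = check_output(["cat", "/proc/self/maps"]).decode()
        line = next((l for l in maps.splitlines() if needle in l), None)
        if line:
            samples.append(int(line.split("-")[0], 16))
    return samples


# Constructed samples, not measured values: 28 random page-aligned bits,
# and the same addresses forced onto a 2 MiB alignment.
PAGE_ALIGNED = [0x7f0000000000 | (r << 12) for r in (0x3a1c5f7, 0x0, 0xfffffff, 0x5b2e8d1)]
TWO_MIB_ALIGNED = [addr & ~0x1fffff for addr in PAGE_ALIGNED]

if __name__ == "__main__":
    for name in ("libc", "ld-linux"):
        samples = sample_base(name)
        if samples:
            bits, fixed = summarise(samples)
            print(f"{name}: {bits} random bits, {fixed} fixed low bits")
```

On the constructed data the page-aligned set reports 28 random bits with 12 fixed, while the 2 MiB-aligned set drops to 19 random bits with 21 fixed, which is the kind of gap the blog post describes.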






