Re: paxctl(8) and ASLR - bug?

To: Thor Lancelot Simon <tls%panix.com@localhost>
Subject: Re: paxctl(8) and ASLR - bug?
From: Jean-Yves Migeon <jeanyves.migeon%free.fr@localhost>
Date: Tue, 07 Jun 2011 21:33:23 +0200

On 07.06.2011 18:15, Thor Lancelot Simon wrote:
>> Try with paxctl +A $(which ldd).
> 
> Oof!  This isn't safe to do, because it will apply ASLR in cases
> where it is known to be unsafe -- just like enabling it globally
> would.

What cases? I'd expect the impact to be minimal: ldd is a self contained
executable that walks the dependencies by itself, and does not rely on
the executable to perform the work (except for reading ELF sections).

Modifying its property should not have any real impact on rtld behavior
outside of ldd.

> It seems to me ldd *must* look at the executable and use the ASLR 
> flag value from there, or the enabling of ASLR on a per executable 
> basis cannot really work.

On what ground? I really can't see what the benefit would be to print
load addresses "under ASLR if ASLR is enabled for the executable" there,
as they would be random.

In fact, I am not even sure that ldd output can be trusted for %x
anyway, even without ASLR: given the way mmap(...) happens, the address
passed as parameter is a hint. So the library's code can be mapped at
another address, at system's convenience.

-- 
Jean-Yves Migeon
jeanyves.migeon%free.fr@localhost

Follow-Ups:
- Re: paxctl(8) and ASLR - bug?
  - From: Thor Lancelot Simon

References:
- paxctl(8) and ASLR - bug?
  - From: Aleksey Cheusov
- Re: paxctl(8) and ASLR - bug?
  - From: Jean-Yves Migeon
- Re: paxctl(8) and ASLR - bug?
  - From: Thor Lancelot Simon

Prev by Date: Re: Reusing an old (envstat(8)) command line option
Next by Date: Re: paxctl(8) and ASLR - bug?
Previous by Thread: Re: paxctl(8) and ASLR - bug?
Next by Thread: Re: paxctl(8) and ASLR - bug?
Indexes:

Home | Main Index | Thread Index | Old Index