Re: [PATCH] ASLRv3: randomize_va_space=3 preventing offset2lib attack

From: Jiri Kosina
Date: Mon Dec 22 2014 - 14:50:03 EST

On Mon, 22 Dec 2014, Andy Lutomirski wrote:

> a. With PIE executables, the offset from the executable to the
> libraries is constant. This is unfortunate when your threat model
> allows you to learn the executable base address and all your gadgets
> are in shared libraries.

When I was originally pushing PIE executable randomization, I have been
thinking about ways to solve this.

In theory, we could start playing games with load_addr in
load_elf_interp() and randomizing it completely independently from mmap()
base randomization, but the question is whether it's really worth the
hassle and binfmt_elf code complication. I am not convinced.

Jiri Kosina
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at