ASLR 实施
我刚刚读到 ASLR 如何帮助防止缓冲区溢出攻击,并想看看它的实现。
有人可以提供一些关于我可以从哪里开始寻找的建议吗? 如果您能给我指出更多与此相关的阅读材料,我也会很高兴。
I just read about how ASLR helps in preventing buffer overflow attacks and would like to have a look at its implementation.
Could someone offer a few pointers on where I could start looking?
I would also love it if you could point me towards more reading material related to the same.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
其实现自然可以在 Linux 内核源代码树中找到。即使只是 grep for.. randomize_va_space 也会出现足够的结果来开始。
在精灵加载器中 #ifdef arch_randomize_brk -> arch_randomize_brk -> randomize_range
The implementation can naturally be found in the Linux kernel source tree. Even just grepping for.. randomize_va_space will turn up enough results to start on.
In the elf loader #ifdef arch_randomize_brk -> arch_randomize_brk -> randomize_range
如何使用?
https://lkml.org/lkml/2010/11/30/110
那是什么?
为什么
?
防止两种类型的攻击:
http://en.wikipedia.org/wiki/Return- to-libc_attack
http://en.wikipedia.org/wiki/Return-orient_programming< /a>
因为如果固定在内存中,这两种攻击都会假设您的代码区域。
How to use?
https://lkml.org/lkml/2010/11/30/110
What is that?
http://en.wikipedia.org/wiki/Address_space_layout_randomization
Why?
To prevent 2 types of attack:
http://en.wikipedia.org/wiki/Return-to-libc_attack
http://en.wikipedia.org/wiki/Return-oriented_programming
because both attack assumed your code area if fixed in memory.