Friday, March 25, 2011

Address space layout randomization (ASLR)

ASLR is a technique that places the libraries, heap, stack and other pages at random positions in memory. It is designed as a defense against security attacks. If ASLR is disabled, the memory addresses of the libraries and the stack are predefined, so malicious code (shellcode) can use this information to call library functions directly. To check whether ASLR is enabled on a system, we can run a program twice and compare the memory maps of the two runs.

When the memory positions differ between the two runs, ASLR is enabled. From a debugging point of view this sometimes gets in the way, and we need to disable it. There are 2 ways (known to me) to disable ASLR.
1) Disable ASLR using the setarch command

2) Disable ASLR for entire system
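
The check described above (run a program twice and compare the memory maps), written as a script; this is an added example, not code from the original post. `RUN_A` and `RUN_B` are constructed sample snapshots, and `live_check` assumes a Linux system with `/proc` and the util-linux `setarch` command, whose `-R` option turns randomization off for a single command.

```sh
# Added example, not from the original post. RUN_A / RUN_B are constructed
# /proc/<pid>/maps snapshots of two runs of the same (non-PIE) program.
RUN_A='00400000-0040c000 r-xp 00000000 08:01 131 /bin/cat
01d3a000-01d5b000 rw-p 00000000 00:00 0 [heap]
7f3c1a200000-7f3c1a3b5000 r-xp 00000000 08:01 262 /lib/libc.so.6
7ffd4e1a0000-7ffd4e1c1000 rw-p 00000000 00:00 0 [stack]'
RUN_B='00400000-0040c000 r-xp 00000000 08:01 131 /bin/cat
00a91000-00ab2000 rw-p 00000000 00:00 0 [heap]
7f91c5e00000-7f91c5fb5000 r-xp 00000000 08:01 262 /lib/libc.so.6
7ffc09b3f000-7ffc09b60000 rw-p 00000000 00:00 0 [stack]'

# Print the named regions whose first mapping starts at a different address
# in snapshot $2 than in snapshot $1 (unnamed anonymous mappings are skipped).
moved_regions() {
    { printf '%s\n' "$1"; echo '---'; printf '%s\n' "$2"; } | awk '
        $0 == "---" { second = 1; next }
        NF < 6      { next }
                    { split($1, r, "-") }
        !second && !($6 in a) { a[$6] = r[1]; order[++n] = $6 }
        second  && !($6 in b) { b[$6] = r[1] }
        END { for (i = 1; i <= n; i++) { k = order[i]
                  if ((k in b) && a[k] != b[k]) print k } }'
}

aslr_verdict() {
    if [ -n "$(moved_regions "$1" "$2")" ]; then echo randomized; else echo fixed; fi
}

# Meaning of /proc/sys/kernel/randomize_va_space (Linux kernel sysctl).
va_space_meaning() {
    case "$1" in
        0) echo "disabled" ;;
        1) echo "stack, mmap base and vDSO randomized" ;;
        2) echo "stack, mmap base, vDSO and heap (brk) randomized" ;;
        *) echo "unknown value" ;;
    esac
}

# Live check on Linux: every cat is a new process, so two reads of
# /proc/self/maps are two runs. setarch -R disables ASLR for one command.
live_check() {
    echo "sysctl:     $(va_space_meaning "$(cat /proc/sys/kernel/randomize_va_space)")"
    echo "normal:     $(aslr_verdict "$(cat /proc/self/maps)" "$(cat /proc/self/maps)")"
    norand() { setarch "$(uname -m)" -R cat /proc/self/maps; }
    echo "setarch -R: $(aslr_verdict "$(norand)" "$(norand)")"
}
echo "constructed samples: $(aslr_verdict "$RUN_A" "$RUN_B"): $(moved_regions "$RUN_A" "$RUN_B" | tr '\n' ' ')"
if [ "${1:-}" = live ]; then live_check; fi
```

In the constructed samples the non-PIE executable stays at 00400000 while the heap, libc and the stack move, so a fixed binary base alone does not mean ASLR is off. Run the script with the argument `live` to compare real runs with and without `setarch -R`.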
