On 19/12/14 03:50 AM, Lukas Jirkovsky wrote:
> No matter how much I like the idea of making Arch more secure, there is one thing that makes compiling the whole system with ASLR one big no-go for me (please correct me if I'm wrong). As far as I know, the ASLR makes core dumps completely useless, and also makes it impossible to make any sense from addresses in backtrace (assume that you get a backtrace from an application without debugging symbols). I guess the same thing would happen with valgrind, too.
> I would be OK with building things from core with ASLR, as they should be very stable, but not whole Arch.
> Lukas
The address of dynamic libraries, the stack and the heap (both sbrk and
the mmap base) is already randomized today so the backtrace is already
going to include randomized addresses for anything defined in a library.
PIE makes it possible for the executable base to be relocated, which
*also* randomizes the code and data defined in the executable and some
global data structures like the GOT / PLT. ASLR needs PIE to be a truly
useful exploit mitigation but it's still there without it.
An executable compiled as PIE is compatible with full ASLR but it
doesn't force users to use it. ASLR can be disabled by setting
/proc/sys/kernel/randomize_va_space to 0. It's also possible to do it
for a single process (far better idea), which this wrapper tool will do:
#include
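The wrapper in the original message is cut off above. What follows is an added example of my own, not the tool from the reply: a small C wrapper that turns ASLR off for one process only, which is the "far better idea" the reply refers to. It sets the ADDR_NO_RANDOMIZE persona flag with personality(2), which the kernel keeps across execve, and then execs the requested command; this is the same mechanism `setarch -R` uses. The helper names (no_randomize_persona, aslr_disabled_in, disable_aslr_for_self) are my own.

```c
/* Added example, not the wrapper from the original mailing-list message.
 * Disables ASLR for a single child process (the command given on the
 * command line) by setting ADDR_NO_RANDOMIZE via personality(2), then
 * exec'ing the command. Nothing system-wide is touched, unlike writing 0 to
 * /proc/sys/kernel/randomize_va_space. Linux-only. */
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/personality.h>

/* Return the persona flags with ADDR_NO_RANDOMIZE added to the current ones,
 * so other persona bits (e.g. ADDR_COMPAT_LAYOUT) are preserved. */
int no_randomize_persona(int current)
{
    return current | ADDR_NO_RANDOMIZE;
}

/* 1 if ADDR_NO_RANDOMIZE is set in the given persona flags, else 0. */
int aslr_disabled_in(int persona)
{
    return (persona & ADDR_NO_RANDOMIZE) != 0;
}

/* Disable ASLR for the calling process. Returns 0 on success, -1 on error.
 * personality(0xffffffff) is the documented way to query the current persona
 * without changing it. */
int disable_aslr_for_self(void)
{
    int cur = personality(0xffffffff);
    if (cur == -1)
        return -1;
    if (personality(no_randomize_persona(cur)) == -1)
        return -1;
    return 0;
}

int main(int argc, char **argv)
{
    if (argc < 2) {
        fprintf(stderr, "usage: %s command [args...]\n", argv[0]);
        return 2;
    }
    if (disable_aslr_for_self() != 0) {
        perror("personality");
        return 1;
    }
    /* Persona flags survive execve, so the command and anything it forks
     * run with randomization off. */
    execvp(argv[1], &argv[1]);
    perror("execvp");
    return 127;
}
```

A quick check that it works: run `./noaslr cat /proc/self/maps` twice and compare with two plain `cat /proc/self/maps` runs; under the wrapper the stack, heap and library bases come out identical between runs, and a PIE binary run this way gets the same executable base each time, which is exactly what makes the core dumps and symbol-less backtraces from the quoted message usable again. One caveat worth knowing: the kernel clears ADDR_NO_RANDOMIZE when exec'ing a setuid/setgid (or otherwise privilege-changing) binary, so the wrapper cannot be used to run such programs without ASLR, which is the intended behaviour.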