[PLUG] Stack location variance on RH9.0, not on RH8.0

Dan Young dan_young at parkrose.k12.or.us
Thu Nov 11 01:31:31 UTC 2004


On Wed, 2004-11-10 at 17:08 -0800, Steve Bonds wrote:
> There's a definite pattern to the location of the stack pointer on Red Hat
> 9, but I don't know why it wouldn't be the same as Red Hat 8.  Was this a
> security feature?  Unintended consequences of some other change?  The
> locations aren't random enough for this to be a result of one of the many
> stack protection schemes out there.
> 
> My googling led me to the same question, without any definitive answer:
> 
> http://www.linuxquestions.org/questions/showthread.php?threadid=148002
> 
> Anyone know why Red Hat 9.0 does this?

Wild guess: prelink?

prelink(8)
...
-R --random
     When assigning addresses to libraries, start with random address
     within architecture dependant virtual address space range.  This
     can  make  some  buffer  overflow  attacks  slightly  harder  to
     exploit, because libraries are not present on the same addresses
     accross  different  machines.    Normally,   assigning   virtual
     addresses  starts at the bottom of architecture dependant range.


-- 
Dan Young                                   dan_young at parkrose.k12.or.us
Parkrose School District                             Phone: 503-408-2734




More information about the PLUG mailing list