[PLUG] Stack location variance on RH9.0, not on RH8.0
Dan Young
dan_young at parkrose.k12.or.us
Thu Nov 11 01:31:31 UTC 2004
On Wed, 2004-11-10 at 17:08 -0800, Steve Bonds wrote:
> There's a definite pattern to the location of the stack pointer on Red Hat
> 9, but I don't know why it wouldn't be the same as Red Hat 8. Was this a
> security feature? Unintended consequences of some other change? The
> locations aren't random enough for this to be a result of one of the many
> stack protection schemes out there.
>
> My googling led me to the same question, without any definitive answer:
>
> http://www.linuxquestions.org/questions/showthread.php?threadid=148002
>
> Anyone know why Red Hat 9.0 does this?
Wild guess: prelink?
prelink(8)
...
-R --random
When assigning addresses to libraries, start with random address
within architecture dependant virtual address space range. This
can make some buffer overflow attacks slightly harder to
exploit, because libraries are not present on the same addresses
accross different machines. Normally, assigning virtual
addresses starts at the bottom of architecture dependant range.
--
Dan Young dan_young at parkrose.k12.or.us
Parkrose School District Phone: 503-408-2734
More information about the PLUG
mailing list