Re: Enabling hardened build flags for Wheezy

On Thu, Mar 01, 2012 at 06:16:14PM +0100, Arno Töll wrote:
> On 01.03.2012 18:11, Arno Töll wrote:
> > The vanilla kernel itself has some ASLR protection as well,
> > although I think it is still not enabled by default in Debian (and
> > is perhaps
>               ^^^^^^^^^^^^^^^^^^
> KiBi corrected me. It is, sorry.

FWIW, here's a quick way to see if stuff is running with ASLR. This will
show you what memory regions are _not_ being randomized:

$ diff -u <(cat /proc/self/maps) <(cat /proc/self/maps) | grep ^" "

 00400000-0040d000 r-xp 00000000 fb:00 17301639                           /bin/cat
 0060d000-0060e000 r--p 0000d000 fb:00 17301639                           /bin/cat
 0060e000-0060f000 rw-p 0000e000 fb:00 17301639                           /bin/cat
 ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  [vsyscall]

In this case, the sections for the "cat" ELF are not randomized because
"cat" wasn't built with PIE. And the vsyscall on amd64, but that's not
very important, and there are even patches coming to randomize that too,
so no worries there.

Some architectures do not have mmap ASLR, so in that case, all the
libraries will be in the same place too. (And any arch without mmap ASLR
also has no text (PIE) ASLR.)


Kees Cook                                            @debian.org
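The `diff -u <(cat /proc/self/maps) <(cat /proc/self/maps) | grep '^ '` trick above works because unified diff prints the lines that did not change, i.e. the mappings that landed at the same address in two separate processes. The script below is an added example, not code from the mail or from Debian: it parses two `/proc/<pid>/maps` snapshots, reports the regions that stayed put, and labels each one the way the mail reasons (executable at a fixed address means no PIE, fixed libraries mean no mmap ASLR, `[vsyscall]` is a kernel-fixed page). The two snapshots are constructed: the `/bin/cat` and `[vsyscall]` lines are taken from the mail, while the heap, libc and stack lines are made up so that they move between runs. `live_check()` performs the real comparison on a Linux host.

```python
"""Report which mappings of a process are NOT moved by ASLR.

Added example: generalises the two-snapshot diff of /proc/self/maps from the
mail into a parser plus a classifier for the regions that stay fixed.
"""
import os
import subprocess
from dataclasses import dataclass

# Constructed snapshots of two runs of a non-PIE /bin/cat. The three /bin/cat
# lines and [vsyscall] come from the mail; [heap], libc and [stack] are made up
# and deliberately differ between the runs, as they would under ASLR.
RUN_A = """\
00400000-0040d000 r-xp 00000000 fb:00 17301639                           /bin/cat
0060d000-0060e000 r--p 0000d000 fb:00 17301639                           /bin/cat
0060e000-0060f000 rw-p 0000e000 fb:00 17301639                           /bin/cat
00e3a000-00e5b000 rw-p 00000000 00:00 0                                  [heap]
7f1c2a000000-7f1c2a18a000 r-xp 00000000 fb:00 1311                       /lib/x86_64-linux-gnu/libc-2.13.so
7fffa1b3c000-7fffa1b5d000 rw-p 00000000 00:00 0                          [stack]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  [vsyscall]
"""
RUN_B = """\
00400000-0040d000 r-xp 00000000 fb:00 17301639                           /bin/cat
0060d000-0060e000 r--p 0000d000 fb:00 17301639                           /bin/cat
0060e000-0060f000 rw-p 0000e000 fb:00 17301639                           /bin/cat
01f72000-01f93000 rw-p 00000000 00:00 0                                  [heap]
7f9d41800000-7f9d4198a000 r-xp 00000000 fb:00 1311                       /lib/x86_64-linux-gnu/libc-2.13.so
7fff3c0e5000-7fff3c106000 rw-p 00000000 00:00 0                          [stack]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  [vsyscall]
"""


@dataclass(frozen=True, order=True)
class Mapping:
    start: int
    end: int
    perms: str
    path: str   # file path, a bracketed pseudo-name such as [heap], or ""


def parse_maps(text):
    """Parse /proc/<pid>/maps text into Mapping records."""
    regions = []
    for line in text.splitlines():
        # address perms offset dev inode [pathname]; pathname may be absent
        parts = line.split(None, 5)
        if len(parts) < 5:
            continue  # blank or malformed line
        lo, hi = parts[0].split("-")
        path = parts[5].strip() if len(parts) == 6 else ""
        regions.append(Mapping(int(lo, 16), int(hi, 16), parts[1], path))
    return regions


def unrandomized(maps_a, maps_b):
    """Regions at the identical address/perms/path in both snapshots.

    Equivalent to the unchanged (space-prefixed) lines of `diff -u a b`.
    """
    return sorted(set(parse_maps(maps_a)) & set(parse_maps(maps_b)))


def classify(m, exe):
    """Explain why a fixed-address region matters, following the mail's reasoning."""
    if m.path == "[vsyscall]":
        return "vsyscall page: fixed by the kernel, not a build-flag issue"
    if m.path == exe:
        return "main executable at a fixed address: not built as PIE"
    if m.path.startswith("/"):
        return "shared object at a fixed address: mmap ASLR not in effect"
    if m.path in ("[heap]", "[stack]", "[vdso]"):
        return (f"{m.path} at a fixed address: kernel randomization off "
                "(check /proc/sys/kernel/randomize_va_space)")
    return "anonymous/other region at a fixed address"


def report(maps_a, maps_b, exe):
    """Human-readable lines, one per region that did not move between runs."""
    return [f"{m.start:016x}-{m.end:016x} {m.perms} {m.path or '(anon)'}: "
            f"{classify(m, exe)}" for m in unrandomized(maps_a, maps_b)]


def live_check(exe="/bin/cat"):
    """Run `cat /proc/self/maps` twice, as in the mail, and compare (Linux only)."""
    def snapshot():
        return subprocess.run([exe, "/proc/self/maps"], capture_output=True,
                              text=True, check=True).stdout
    # /proc/<pid>/maps shows the canonical path, so resolve symlinks
    # (e.g. /bin -> /usr/bin on merged-/usr systems) before comparing.
    return report(snapshot(), snapshot(), os.path.realpath(exe))


if __name__ == "__main__":
    print("constructed snapshots:")
    for line in report(RUN_A, RUN_B, "/bin/cat"):
        print(" ", line)
    if os.path.exists("/proc/self/maps"):
        print("this host:")
        for line in live_check():
            print(" ", line)
```

On the constructed data only the three `/bin/cat` segments and `[vsyscall]` survive the intersection; heap, libc and stack are dropped because they moved. On a real host, a PIE-built `cat` with mmap ASLR leaves nothing but `[vsyscall]` (or nothing at all on kernels that randomize or remove it), which is the expected result of a fully hardened build.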