
Running sysctl -a --pattern "randomize" gives 2, so the data segment is supposed to be randomized also, but cat maps always seems to randomize vdso, stack and other kernel-provided mappings only. These are the first 2 entries of the process maps file, referring to .text and .data:

cat maps
00400000-00402000 r-xp 00000000 08:07 14569655 
00402000-00403000 rwxp 00002000 08:07 14569655

I halted the application so I can read the maps file by running it in gdb with set disable-randomization off. The source code I use is:

section .data
    name: db "k"            ; one byte of initialised data
section .text
global _start
_start:
end:    mov rax, 60         ; SYS_exit
        mov rdi, 0          ; exit status 0
        syscall

Assembled and linked as (assemble first, then link):

nasm -g -F DWARF -f elf64 -o sand.o sand.asm
ld sand.o -o sand

Another side question: I guess that .text can't be randomized since there is no need for it, as it's read-only. Right or wrong?

KMG
  • The distance between .text and other segments is a link-time constant, that's why RIP-relative addressing works. Non-PIE executables can only ASLR the stack. – Peter Cordes Oct 04 '20 at 15:22
  • Only position independent executables (PIE) can have their load address randomized. Even then, only the entire executable image can be relocated in memory, moving the `.data` and `.text` and all other loaded sections together. – Ross Ridge Oct 04 '20 at 15:24
  • @PeterCordes I still can't understand why this isn't PIC when I'm not referencing any memory, so can't the linker do some fixups at load time (like relocating)? I know I have lots of confusion on how these things work, and how to fix the above code to be PIC. – KMG Oct 04 '20 at 15:36
  • Yes, that code could be linked into a PIE executable, if you use the right option for `ld`. That isn't the default. – Peter Cordes Oct 04 '20 at 22:20
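The two points made in the comments, that a non-PIE image is mapped at ld's default address while only the stack and kernel mappings move, and that the .text-to-.data distance is fixed at link time whether or not the image is relocated, can be checked directly from /proc/<pid>/maps. The following Python script is an added example, not code from the question or the commenters. The first two maps lines are the ones quoted in the question; every other line, the /tmp/sand path and the second and third snapshots (a second non-PIE run, and a constructed run of the same source linked with ld's -pie option, reusing the inode number only for simplicity) are constructed for illustration.

```python
"""Classify an executable's mappings from /proc/<pid>/maps snapshots and
show that the segment layout relative to the load base never changes."""
import re
from dataclasses import dataclass
from typing import List, Tuple

# ld's default link address for x86-64 non-PIE executables.
NON_PIE_BASE = 0x400000

# Snapshot 1: the two lines from the question (path added), plus constructed
# stack and vdso lines.
NON_PIE_RUN = """\
00400000-00402000 r-xp 00000000 08:07 14569655 /tmp/sand
00402000-00403000 rwxp 00002000 08:07 14569655 /tmp/sand
7ffd1c3e0000-7ffd1c401000 rw-p 00000000 00:00 0 [stack]
7ffd1c5c3000-7ffd1c5c5000 r-xp 00000000 00:00 0 [vdso]
"""
# Snapshot 2 (constructed): the same non-PIE binary run again; only the
# kernel-chosen mappings move.
NON_PIE_RUN_AGAIN = """\
00400000-00402000 r-xp 00000000 08:07 14569655 /tmp/sand
00402000-00403000 rwxp 00002000 08:07 14569655 /tmp/sand
7ffc90a10000-7ffc90a31000 rw-p 00000000 00:00 0 [stack]
7ffc90b7e000-7ffc90b80000 r-xp 00000000 00:00 0 [vdso]
"""
# Snapshot 3 (constructed): what a PIE link of the same source would look
# like; the whole image is relocated but its internal layout is unchanged.
PIE_RUN = """\
5588e3a00000-5588e3a02000 r-xp 00000000 08:07 14569655 /tmp/sand
5588e3a02000-5588e3a03000 rwxp 00002000 08:07 14569655 /tmp/sand
7ffe2b1f0000-7ffe2b211000 rw-p 00000000 00:00 0 [stack]
7ffe2b3c2000-7ffe2b3c4000 r-xp 00000000 00:00 0 [vdso]
"""

MAPS_LINE = re.compile(
    r"^([0-9a-f]+)-([0-9a-f]+)\s+(\S{4})\s+([0-9a-f]+)\s+(\S+)\s+(\d+)\s*(.*)$")


@dataclass
class Mapping:
    start: int
    end: int
    perms: str
    offset: int   # file offset backing this mapping
    inode: int    # 0 for anonymous/kernel mappings
    path: str


def parse_maps(text: str) -> List[Mapping]:
    """Parse the text of a /proc/<pid>/maps file into Mapping records."""
    out = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = MAPS_LINE.match(line)
        if m is None:
            raise ValueError(f"unrecognised maps line: {line!r}")
        start, end, perms, off, _dev, inode, path = m.groups()
        out.append(Mapping(int(start, 16), int(end, 16), perms,
                           int(off, 16), int(inode), path.strip()))
    return out


def image_mappings(maps: List[Mapping], inode: int) -> List[Mapping]:
    """Mappings backed by the executable file with the given inode, by address."""
    return sorted((m for m in maps if m.inode == inode), key=lambda m: m.start)


def load_base(image: List[Mapping]) -> int:
    """Address at which file offset 0 of the image was mapped."""
    return image[0].start - image[0].offset


def looks_fixed_base(image: List[Mapping]) -> bool:
    """True when the image sits at ld's default non-PIE address; a relocated
    PIE image lands at a kernel-chosen address instead."""
    return load_base(image) == NON_PIE_BASE


def relative_layout(image: List[Mapping]) -> List[Tuple[int, int, str]]:
    """Segment bounds relative to the load base: the link-time layout."""
    base = load_base(image)
    return [(m.start - base, m.end - base, m.perms) for m in image]


def text_data_distance(image: List[Mapping]) -> int:
    """Distance from the first executable mapping to the first writable one."""
    text = next(m for m in image if "x" in m.perms)
    data = next(m for m in image if "w" in m.perms)
    return data.start - text.start


def stack_start(maps: List[Mapping]) -> int:
    return next(m.start for m in maps if m.path == "[stack]")


def compare_runs(maps_a: str, maps_b: str, inode: int) -> dict:
    """Summarise what moved between two runs of the same binary."""
    all_a, all_b = parse_maps(maps_a), parse_maps(maps_b)
    a, b = image_mappings(all_a, inode), image_mappings(all_b, inode)
    return {
        "base_a": load_base(a), "base_b": load_base(b),
        "base_moved": load_base(a) != load_base(b),
        "fixed_base_a": looks_fixed_base(a), "fixed_base_b": looks_fixed_base(b),
        "stack_moved": stack_start(all_a) != stack_start(all_b),
        "layout_identical": relative_layout(a) == relative_layout(b),
        "text_data_distance": text_data_distance(a),
    }


if __name__ == "__main__":
    print(compare_runs(NON_PIE_RUN, NON_PIE_RUN_AGAIN, 14569655))
    print(compare_runs(NON_PIE_RUN, PIE_RUN, 14569655))
```

To use it on a live process, replace the embedded snapshots with the contents of /proc/<pid>/maps from two runs and pass the executable's inode (the sixth column of its lines). The first comparison reports that the base stayed at 0x400000 while the stack moved; the second reports that the base moved but the relative layout and the 0x2000 .text-to-.data distance did not, which is exactly why RIP-relative addressing keeps working in a PIE.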

0 Answers