[Bug 139436] Re: [Security] Heap and PIE randomization

Stephen Cook sitiveni at gmail.com
Mon Apr 6 13:04:40 UTC 2009


*** This bug is a duplicate of bug 139435 ***
    https://bugs.launchpad.net/bugs/139435

I marked the bug as a duplicate.  It's a similar bug to #139435.  On
jaunty (I believe intrepid introduced it, via a Linux kernel upgrade), all
memory maps are randomized apart from the executable (unless it is PIE,
which very few things are) and vsyscall.

Example 1:
00400000-00408000 r-xp 00000000 08:15 5824608                            /bin/cat
00607000-00608000 r--p 00007000 08:15 5824608                            /bin/cat
00608000-00609000 rw-p 00008000 08:15 5824608                            /bin/cat
01a92000-01ab3000 rw-p 01a92000 00:00 0                                  [heap]
7f4b6f56e000-7f4b6f6d6000 r-xp 00000000 08:15 3039422                    /lib/libc-2.9.so
7f4b6f6d6000-7f4b6f8d6000 ---p 00168000 08:15 3039422                    /lib/libc-2.9.so
7f4b6f8d6000-7f4b6f8da000 r--p 00168000 08:15 3039422                    /lib/libc-2.9.so
7f4b6f8da000-7f4b6f8db000 rw-p 0016c000 08:15 3039422                    /lib/libc-2.9.so
7f4b6f8db000-7f4b6f8e0000 rw-p 7f4b6f8db000 00:00 0 
7f4b6f8e0000-7f4b6f900000 r-xp 00000000 08:15 3039248                    /lib/ld-2.9.so
7f4b6f9b5000-7f4b6f9f4000 r--p 00000000 08:15 5185537                    /usr/lib/locale/en_NZ.utf8/LC_CTYPE
7f4b6f9f4000-7f4b6fadf000 r--p 00000000 08:15 5185539                    /usr/lib/locale/en_NZ.utf8/LC_COLLATE
7f4b6fadf000-7f4b6fae1000 rw-p 7f4b6fadf000 00:00 0 
7f4b6faeb000-7f4b6faec000 r--p 00000000 08:15 5472564                    /usr/lib/locale/en_NZ.utf8/LC_NUMERIC
7f4b6faec000-7f4b6faed000 r--p 00000000 08:15 5185538                    /usr/lib/locale/en_NZ.utf8/LC_TIME
7f4b6faed000-7f4b6faee000 r--p 00000000 08:15 5472317                    /usr/lib/locale/en_NZ.utf8/LC_MONETARY
7f4b6faee000-7f4b6faef000 r--p 00000000 08:15 5472568                    /usr/lib/locale/en_NZ.utf8/LC_MESSAGES/SYS_LC_MESSAGES
7f4b6faef000-7f4b6faf0000 r--p 00000000 08:15 5472565                    /usr/lib/locale/en_NZ.utf8/LC_PAPER
7f4b6faf0000-7f4b6faf1000 r--p 00000000 08:15 5472563                    /usr/lib/locale/en_NZ.utf8/LC_NAME
7f4b6faf1000-7f4b6faf2000 r--p 00000000 08:15 5472318                    /usr/lib/locale/en_NZ.utf8/LC_ADDRESS
7f4b6faf2000-7f4b6faf3000 r--p 00000000 08:15 5472319                    /usr/lib/locale/en_NZ.utf8/LC_TELEPHONE
7f4b6faf3000-7f4b6faf4000 r--p 00000000 08:15 5472561                    /usr/lib/locale/en_NZ.utf8/LC_MEASUREMENT
7f4b6faf4000-7f4b6fafb000 r--s 00000000 08:15 5455999                    /usr/lib/gconv/gconv-modules.cache
7f4b6fafb000-7f4b6fafc000 r--p 00000000 08:15 5472320                    /usr/lib/locale/en_NZ.utf8/LC_IDENTIFICATION
7f4b6fafc000-7f4b6faff000 rw-p 7f4b6fafc000 00:00 0 
7f4b6faff000-7f4b6fb00000 r--p 0001f000 08:15 3039248                    /lib/ld-2.9.so
7f4b6fb00000-7f4b6fb01000 rw-p 00020000 08:15 3039248                    /lib/ld-2.9.so
7fff77aec000-7fff77b01000 rw-p 7ffffffea000 00:00 0                      [stack]
7fff77bff000-7fff77c00000 r-xp 7fff77bff000 00:00 0                      [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  [vsyscall]

Example 2:
00400000-00408000 r-xp 00000000 08:15 5824608                            /bin/cat
00607000-00608000 r--p 00007000 08:15 5824608                            /bin/cat
00608000-00609000 rw-p 00008000 08:15 5824608                            /bin/cat
016da000-016fb000 rw-p 016da000 00:00 0                                  [heap]
7f0f26ac0000-7f0f26c28000 r-xp 00000000 08:15 3039422                    /lib/libc-2.9.so
7f0f26c28000-7f0f26e28000 ---p 00168000 08:15 3039422                    /lib/libc-2.9.so
7f0f26e28000-7f0f26e2c000 r--p 00168000 08:15 3039422                    /lib/libc-2.9.so
7f0f26e2c000-7f0f26e2d000 rw-p 0016c000 08:15 3039422                    /lib/libc-2.9.so
7f0f26e2d000-7f0f26e32000 rw-p 7f0f26e2d000 00:00 0 
7f0f26e32000-7f0f26e52000 r-xp 00000000 08:15 3039248                    /lib/ld-2.9.so
7f0f26f07000-7f0f26f46000 r--p 00000000 08:15 5185537                    /usr/lib/locale/en_NZ.utf8/LC_CTYPE
7f0f26f46000-7f0f27031000 r--p 00000000 08:15 5185539                    /usr/lib/locale/en_NZ.utf8/LC_COLLATE
7f0f27031000-7f0f27033000 rw-p 7f0f27031000 00:00 0 
7f0f2703d000-7f0f2703e000 r--p 00000000 08:15 5472564                    /usr/lib/locale/en_NZ.utf8/LC_NUMERIC
7f0f2703e000-7f0f2703f000 r--p 00000000 08:15 5185538                    /usr/lib/locale/en_NZ.utf8/LC_TIME
7f0f2703f000-7f0f27040000 r--p 00000000 08:15 5472317                    /usr/lib/locale/en_NZ.utf8/LC_MONETARY
7f0f27040000-7f0f27041000 r--p 00000000 08:15 5472568                    /usr/lib/locale/en_NZ.utf8/LC_MESSAGES/SYS_LC_MESSAGES
7f0f27041000-7f0f27042000 r--p 00000000 08:15 5472565                    /usr/lib/locale/en_NZ.utf8/LC_PAPER
7f0f27042000-7f0f27043000 r--p 00000000 08:15 5472563                    /usr/lib/locale/en_NZ.utf8/LC_NAME
7f0f27043000-7f0f27044000 r--p 00000000 08:15 5472318                    /usr/lib/locale/en_NZ.utf8/LC_ADDRESS
7f0f27044000-7f0f27045000 r--p 00000000 08:15 5472319                    /usr/lib/locale/en_NZ.utf8/LC_TELEPHONE
7f0f27045000-7f0f27046000 r--p 00000000 08:15 5472561                    /usr/lib/locale/en_NZ.utf8/LC_MEASUREMENT
7f0f27046000-7f0f2704d000 r--s 00000000 08:15 5455999                    /usr/lib/gconv/gconv-modules.cache
7f0f2704d000-7f0f2704e000 r--p 00000000 08:15 5472320                    /usr/lib/locale/en_NZ.utf8/LC_IDENTIFICATION
7f0f2704e000-7f0f27051000 rw-p 7f0f2704e000 00:00 0 
7f0f27051000-7f0f27052000 r--p 0001f000 08:15 3039248                    /lib/ld-2.9.so
7f0f27052000-7f0f27053000 rw-p 00020000 08:15 3039248                    /lib/ld-2.9.so
7fff2f03e000-7fff2f053000 rw-p 7ffffffea000 00:00 0                      [stack]
7fff2f1ff000-7fff2f200000 r-xp 7fff2f1ff000 00:00 0                      [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  [vsyscall]


** This bug has been marked a duplicate of bug 139435
   [Security] PIE executables

-- 
[Security] Heap and PIE randomization
https://bugs.launchpad.net/bugs/139436
You received this bug notification because you are a member of Kernel
Bugs, which is subscribed to linux-meta in ubuntu.
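
Added example, not part of the original message: a Python script that compares two /proc/<pid>/maps snapshots and reports which named mappings keep the same base address across runs, which is the check the two dumps above support by eye. The sample input is abridged from those dumps, and the function names are made up for this illustration.

```python
# Sample input: lines abridged from "Example 1" and "Example 2" in the message.
RUN1 = """\
00400000-00408000 r-xp 00000000 08:15 5824608          /bin/cat
00608000-00609000 rw-p 00008000 08:15 5824608          /bin/cat
01a92000-01ab3000 rw-p 01a92000 00:00 0                [heap]
7f4b6f56e000-7f4b6f6d6000 r-xp 00000000 08:15 3039422  /lib/libc-2.9.so
7f4b6f8db000-7f4b6f8e0000 rw-p 7f4b6f8db000 00:00 0 
7fff77aec000-7fff77b01000 rw-p 7ffffffea000 00:00 0    [stack]
7fff77bff000-7fff77c00000 r-xp 7fff77bff000 00:00 0    [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall]
"""
RUN2 = """\
00400000-00408000 r-xp 00000000 08:15 5824608          /bin/cat
00608000-00609000 rw-p 00008000 08:15 5824608          /bin/cat
016da000-016fb000 rw-p 016da000 00:00 0                [heap]
7f0f26ac0000-7f0f26c28000 r-xp 00000000 08:15 3039422  /lib/libc-2.9.so
7f0f26e2d000-7f0f26e32000 rw-p 7f0f26e2d000 00:00 0 
7fff2f03e000-7fff2f053000 rw-p 7ffffffea000 00:00 0    [stack]
7fff2f1ff000-7fff2f200000 r-xp 7fff2f1ff000 00:00 0    [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall]
"""

def base_addresses(maps_text):
    """Return {name: lowest start address} for each named mapping."""
    bases = {}
    for line in maps_text.splitlines():
        # Fields: range, perms, offset, dev, inode, optional pathname/label.
        fields = line.split(None, 5)
        if len(fields) < 6:
            continue  # anonymous mapping: no stable name to match across runs
        start = int(fields[0].split("-")[0], 16)
        name = fields[5].strip()
        bases[name] = min(start, bases.get(name, start))
    return bases

def compare_runs(run_a, run_b):
    """Split mappings present in both runs into (fixed, randomized) name lists."""
    a, b = base_addresses(run_a), base_addresses(run_b)
    common = sorted(a.keys() & b.keys())
    fixed = [n for n in common if a[n] == b[n]]
    randomized = [n for n in common if a[n] != b[n]]
    return fixed, randomized

if __name__ == "__main__":
    fixed, randomized = compare_runs(RUN1, RUN2)
    print("same base in both runs:", ", ".join(fixed))
    print("base differs between runs:", ", ".join(randomized))
```

To audit a live system, capture `cat /proc/self/maps` twice and pass the two outputs to `compare_runs` in place of the embedded samples.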



