ASLR for Safety (ENG)

Actually, I really should put this in the operating system section...

ASLR: Short for Address Space Layout Randomization

ASLR is a computer security technique whose primary purpose is to mitigate memory corruption vulnerabilities. By randomizing where code and data are placed in a process's address space, it makes memory locations hard for an attacker to predict, so an exploit that depends on a known address becomes unreliable.

With ASLR, the memory mapping differs every time you run your program. We will demonstrate this with an example in a moment.

In this brief note, we will continue using the example from the malloc note. If you compile that code and run it multiple times, you will observe that the heap memory layout varies with each execution. This variability is a direct result of ASLR.

du@DVM:~/cpp$ ./proc
Size of struct linked_block is 16 bytes.
The address of first block is: 0x584b0525b6b0
The address of second block is: 0x584b0525b6d0
du@DVM:~/cpp$ ./proc 
Size of struct linked_block is 16 bytes.
The address of first block is: 0x59697921b6b0
The address of second block is: 0x59697921b6d0
du@DVM:~/cpp$ ./proc 
Size of struct linked_block is 16 bytes.
The address of first block is: 0x5659369f46b0
The address of second block is: 0x5659369f46d0
du@DVM:~/cpp$ ./proc 
Size of struct linked_block is 16 bytes.
The address of first block is: 0x61b7291d06b0
The address of second block is: 0x61b7291d06d0

Modern operating systems enable ASLR by default, which is why the memory mapping is different each time you run your program. You can disable it for a single run with:

setarch $(uname -m) -R ./proc
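As an added example (not from the malloc note or its author), the program below folds the four first-block addresses printed above into a mask of the bits that actually changed: ASLR moved the heap base, but the offset inside the page (0x6b0) never changed. It also prints one live stack, heap, text and libc address of its own so you can repeat the comparison with and without setarch -R.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* First-block addresses from the four runs of ./proc shown above
   (copied from the page's output, not measured by this program). */
static const uintptr_t first_block_runs[] = {
    0x584b0525b6b0ULL, 0x59697921b6b0ULL, 0x5659369f46b0ULL, 0x61b7291d06b0ULL
};
#define NUM_RUNS (sizeof first_block_runs / sizeof first_block_runs[0])

/* Mask of the bits that differ between any two of the n addresses.
   A bit that is clear in the result was identical in every run. */
uintptr_t varying_bits(const uintptr_t *addrs, size_t n)
{
    uintptr_t mask = 0;
    for (size_t i = 1; i < n; i++)
        mask |= addrs[i] ^ addrs[0];
    return mask;
}

/* Number of set bits: how many address bits we actually saw change. */
int count_bits(uintptr_t v)
{
    int c = 0;
    for (; v != 0; v &= v - 1)
        c++;
    return c;
}

int main(void)
{
    uintptr_t mask = varying_bits(first_block_runs, NUM_RUNS);
    printf("bits that changed across the runs: 0x%" PRIxPTR " (%d bits)\n",
           mask, count_bits(mask));
    /* The low 12 bits are the offset inside a 4 KiB page; ASLR shifts whole
       pages, so they stay 0x6b0 in every run, including the GDB run. */
    printf("page offset randomized: %s\n", (mask & 0xfff) ? "yes" : "no");

    /* One live address per region of this process. Run the binary a few
       times, then once under setarch -R, and compare which ones move. */
    int on_stack = 0;
    void *on_heap = malloc(16);
    printf("stack %p  heap %p  text %p  libc %p\n",
           (void *)&on_stack, on_heap, (void *)main, (void *)printf);
    free(on_heap);
    return 0;
}
```

Under setarch -R all four live addresses should repeat between runs; with ASLR on, the stack, heap, text (for a PIE binary) and libc addresses each move independently.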

GDB Would Disable ASLR by Default

When running your program in GDB, you will notice that the memory addresses remain consistent across executions. For instance:

(gdb) run
Starting program: /home/du/cpp/proc 
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Size of struct linked_block is 16 bytes.
The address of first block is: 0x5555555596b0
The address of second block is: 0x5555555596d0
[Inferior 1 (process 12774) exited normally]

This happens because ASLR is disabled by default in GDB. The reason for this is that GDB is designed for debugging. Consistent memory addresses are very important during debugging to allow for repeatable and predictable analysis of memory-related behaviors.

If you wish, you can enable ASLR in GDB using the following command:

set disable-randomization off