NX-emulation ASLR is predictable

Bug #717412 reported by Kees Cook
Affects: linux (Ubuntu) | Status: Confirmed | Importance: Medium | Assigned to: Unassigned | Milestone: none

Bug Description

On 32-bit non-PAE systems, the NX-emulation patch causes shared library and executable ASLR to become predictable due to moving the ranges up into the "ASCII Armor" area prefixed with a high byte of "0". This has been observed multiple times. Some discussion is here: http://<email address hidden>/msg00551.html

Trivial demonstration (from http://<email address hidden>/msg00561.html):

$ for i in $(seq 1 1000); do cat /proc/self/maps | grep 'x.*/lib/.*libc'; done | sort | uniq -c | sort -n
...[768 lines of differing addresses]...
      3 00de3000-00f36000 r-xp 00000000 fb:01 130850 /lib/tls/i686/cmov/libc-2.11.1.so
    174 00110000-00263000 r-xp 00000000 fb:01 130850 /lib/tls/i686/cmov/libc-2.11.1.so
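The one-liner above counts how often the same libc text base recurs across 1000 fresh processes. The script below is an added example, not part of the bug report or of any Ubuntu package: it parses /proc/<pid>/maps lines with the same selection rule as the report's grep (executable mapping whose path contains /lib/ and libc), then summarises a list of observed bases into the most common base and its share, a Shannon entropy estimate over the observed distribution, and the fraction of bases that fall in the ASCII-armor region (high byte 0x00, i.e. below 0x01000000). The sample histogram it runs on is constructed to resemble the report's output (174 hits at 0x00110000, 3 at 0x00de3000, the rest distinct) and is not real measurement data; `sample_live()` is an assumed helper that repeats the report's measurement on the current machine and is not called by default.

```python
"""Measure how predictable a shared-library base is across process runs.

Added example, not from the Launchpad report. Generalises the report's
one-liner (count repeated libc text-mapping starts) into a parser plus a
summary: most common base and its share, an entropy estimate, and how many
samples land in the ASCII-armor region (base < 0x01000000, high byte 0x00).
"""
import collections
import math
import re
import subprocess

# Start of the ASCII-armor region: 32-bit addresses whose high byte is 0x00.
ASCII_ARMOR_LIMIT = 0x01000000

# One /proc/<pid>/maps line: "start-end perms offset dev inode [path]".
MAPS_RE = re.compile(
    r"^([0-9a-f]+)-([0-9a-f]+)\s+(\S{4})\s+\S+\s+\S+\s+\S+\s*(.*)$")


def libc_text_base(maps_text):
    """Return the start address of the executable libc mapping, or None.

    Mirrors the report's grep 'x.*/lib/.*libc': executable permission bit
    and a path containing both /lib/ and libc.
    """
    for line in maps_text.splitlines():
        m = MAPS_RE.match(line.strip())
        if not m:
            continue
        start, _end, perms, path = m.groups()
        if "x" in perms and "/lib/" in path and "libc" in path:
            return int(start, 16)
    return None


def summarize(bases):
    """Summarise observed base addresses.

    Returns the sample count, number of distinct bases, the most common
    base with its count and fraction, the Shannon entropy (bits) of the
    observed distribution, and the fraction below ASCII_ARMOR_LIMIT.
    """
    counts = collections.Counter(bases)
    total = len(bases)
    top, top_count = counts.most_common(1)[0]
    entropy = -sum((c / total) * math.log2(c / total) for c in counts.values())
    armored = sum(1 for b in bases if b < ASCII_ARMOR_LIMIT)
    return {
        "samples": total,
        "distinct": len(counts),
        "top_base": top,
        "top_count": top_count,
        "top_fraction": top_count / total,
        "entropy_bits": entropy,
        "armor_fraction": armored / total,
    }


def sample_live(n):
    """Assumed helper: spawn n 'cat /proc/self/maps' children (each a fresh
    randomised process, as in the report) and collect their libc bases."""
    bases = []
    for _ in range(n):
        out = subprocess.run(["cat", "/proc/self/maps"], capture_output=True,
                             text=True, check=True).stdout
        base = libc_text_base(out)
        if base is not None:
            bases.append(base)
    return bases


def constructed_maps(base):
    """Constructed maps line (not a real measurement) for a given base."""
    return ("%08x-%08x r-xp 00000000 fb:01 130850 "
            "/lib/tls/i686/cmov/libc-2.11.1.so\n" % (base, base + 0x153000))


# Constructed sample shaped like the report's 1000-run histogram: 174 runs
# at 0x00110000, 3 at 0x00de3000, and 823 distinct bases outside the
# ASCII-armor region (starting at a typical 32-bit libc area, assumed).
CONSTRUCTED_BASES = ([0x00110000] * 174 + [0x00de3000] * 3
                     + [0xb7000000 + 0x1000 * i for i in range(823)])


def run_constructed():
    """Parse each constructed maps line and summarise the resulting bases."""
    bases = [libc_text_base(constructed_maps(b)) for b in CONSTRUCTED_BASES]
    return summarize(bases)


if __name__ == "__main__":
    s = run_constructed()  # replace with summarize(sample_live(1000)) on a live box
    print("most common base %#010x seen %d/%d times (%.1f%%), entropy %.2f bits, "
          "%.1f%% of bases in ASCII-armor region" % (
              s["top_base"], s["top_count"], s["samples"],
              100 * s["top_fraction"], s["entropy_bits"],
              100 * s["armor_fraction"]))
```

On the constructed data the most common base accounts for 17.4% of runs and the distribution carries about 8.7 bits against the ~10 bits a thousand fully distinct bases would show; a healthy 32-bit mmap ASLR should give a top-base share near 0.1% and no clustering at one address.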

Kees Cook (kees)
visibility: private → public
Changed in linux (Ubuntu):
status: New → Confirmed
importance: Undecided → Medium