Address Space Layout Randomization
ASLR is a technique that makes memory-corruption attacks harder by placing the stack, heap, shared libraries and other mappings at random positions in the process address space, so that their addresses change every time the program is executed.
It is a probabilistic defense against code-reuse attacks: the base address of each segment is randomized, so an attacker cannot statically determine code addresses ahead of time. For the executable's own code to be randomized as well, it must be built as a PIE (Position-Independent Executable).
Because ASLR is coarse-grained, randomizing the base of each mapping as a whole, the relative distances between addresses within one mapping stay the same. Every function's absolute address is randomized, so function addresses must be resolved at runtime, and this is only implemented at that coarse granularity. Several implementations exist, and each one trades security against performance for the compiler and loader.
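The PIE requirement above can be checked directly from the ELF header: a fixed-address executable has e_type ET_EXEC, while a PIE is ET_DYN. The following is an added example (not code from the original page); the sample headers are constructed in the block itself rather than read from any real binary.

```python
import struct

# ELF header constants from the ELF specification
ELF_MAGIC = b"\x7fELF"
EI_DATA = 5        # byte index of the endianness flag inside e_ident
ET_EXEC = 2        # fixed-address executable: its code and data cannot be moved by ASLR
ET_DYN = 3         # position-independent image (PIE or shared object): loaded at a random base

def elf_type(header: bytes) -> int:
    """Return the e_type field of an ELF header (the first 18 bytes suffice)."""
    if len(header) < 18 or header[:4] != ELF_MAGIC:
        raise ValueError("not an ELF image")
    endian = "<" if header[EI_DATA] == 1 else ">"   # 1 = little-endian, 2 = big-endian
    return struct.unpack(endian + "H", header[16:18])[0]

def is_pie(header: bytes) -> bool:
    """True when the image is ET_DYN. Shared libraries are ET_DYN too, so apply this
    to a file you already know is an executable."""
    return elf_type(header) == ET_DYN

def file_is_pie(path: str) -> bool:
    """Read only the ELF header from disk and classify it."""
    with open(path, "rb") as f:
        return is_pie(f.read(64))

def make_header(e_type: int, little_endian: bool = True) -> bytes:
    """Build a minimal 64-bit ELF header for the samples below (constructed test data)."""
    e_ident = ELF_MAGIC + bytes([2, 1 if little_endian else 2, 1]) + b"\x00" * 9
    fmt = "<H" if little_endian else ">H"
    return e_ident + struct.pack(fmt, e_type) + b"\x00" * 46   # pad to 64 bytes

# Constructed samples, not taken from any real binary
PIE_HEADER = make_header(ET_DYN)
EXEC_HEADER = make_header(ET_EXEC)
BIG_ENDIAN_PIE = make_header(ET_DYN, little_endian=False)

if __name__ == "__main__":
    import sys
    for p in sys.argv[1:]:
        print(p, "PIE" if file_is_pie(p) else "not PIE (ET_EXEC, fixed addresses)")
```

Run it as `python3 check_pie.py /path/to/binary`; a binary reported as not PIE keeps its code at a fixed address regardless of the kernel's ASLR setting.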
Linux ASLR level (kernel.randomize_va_space)
randomize_va_space=0 : Disable ASLR
randomize_va_space=1 : Random stack & Random library
randomize_va_space=2 : Random stack & Random library & Random heap
The current value can be read from /proc/sys/kernel/randomize_va_space; to make a setting persistent, put kernel.randomize_va_space=<level> in /etc/sysctl.conf.
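To see the levels above in effect, compare /proc/<pid>/maps output from two runs of the same program and check which regions moved, and confirm the earlier point that offsets inside a mapping stay constant. This is an added example, not code from the original page; the two maps listings and the leaked function addresses are constructed sample data imitating a PIE binary, and the region names are placeholders.

```python
import re

# Field layout of one /proc/<pid>/maps line: address range, perms, offset, dev, inode, path
MAPS_LINE = re.compile(r"^([0-9a-f]+)-([0-9a-f]+)\s+(\S+)\s+\S+\s+\S+\s+\S+\s*(.*)$")

# Meaning of kernel.randomize_va_space, as listed above
LEVELS = {
    0: "ASLR disabled",
    1: "random stack & random library base",
    2: "random stack & random library & random heap base",
}

def read_level(path="/proc/sys/kernel/randomize_va_space"):
    """Current ASLR level, or None if the file is unavailable (non-Linux, no /proc)."""
    try:
        with open(path) as f:
            return int(f.read().strip())
    except (OSError, ValueError):
        return None

def describe_level(level):
    return LEVELS.get(level, "unknown level %r" % (level,))

def parse_maps(text):
    """Map each mapped object (path, [heap], [stack], ...) to its lowest start address."""
    bases = {}
    for line in text.strip().splitlines():
        m = MAPS_LINE.match(line)
        if not m:
            continue
        start = int(m.group(1), 16)
        name = m.group(4) or "[anon]"
        bases[name] = min(bases.get(name, start), start)
    return bases

def moved_regions(maps_a, maps_b):
    """Regions whose base address differs between two runs of the same program."""
    a, b = parse_maps(maps_a), parse_maps(maps_b)
    return sorted(name for name in a.keys() & b.keys() if a[name] != b[name])

def common_offset(observations, region):
    """Given [(maps_text, observed_symbol_address), ...] from several runs, return the
    symbol's offset from the region base if it is identical in every run, else None."""
    offsets = {addr - parse_maps(maps)[region] for maps, addr in observations}
    return offsets.pop() if len(offsets) == 1 else None

# Constructed sample data imitating two runs of the same PIE binary (not real captures)
LIBC = "/usr/lib/x86_64-linux-gnu/libc.so.6"
RUN_A = """\
55d0c7a2e000-55d0c7a2f000 r--p 00000000 fd:01 1234 /usr/bin/demo
55d0c7a2f000-55d0c7a30000 r-xp 00001000 fd:01 1234 /usr/bin/demo
55d0c8f00000-55d0c8f21000 rw-p 00000000 00:00 0 [heap]
7f1a2b000000-7f1a2b028000 r--p 00000000 fd:01 5678 /usr/lib/x86_64-linux-gnu/libc.so.6
7f1a2b028000-7f1a2b1bd000 r-xp 00028000 fd:01 5678 /usr/lib/x86_64-linux-gnu/libc.so.6
7ffd4c3e0000-7ffd4c401000 rw-p 00000000 00:00 0 [stack]
"""
RUN_B = """\
5603a1b00000-5603a1b01000 r--p 00000000 fd:01 1234 /usr/bin/demo
5603a1b01000-5603a1b02000 r-xp 00001000 fd:01 1234 /usr/bin/demo
5603a2e00000-5603a2e21000 rw-p 00000000 00:00 0 [heap]
7f3c4d000000-7f3c4d028000 r--p 00000000 fd:01 5678 /usr/lib/x86_64-linux-gnu/libc.so.6
7f3c4d028000-7f3c4d1bd000 r-xp 00028000 fd:01 5678 /usr/lib/x86_64-linux-gnu/libc.so.6
7ffe1a5c0000-7ffe1a5e1000 rw-p 00000000 00:00 0 [stack]
"""
# Address of the same libc function as observed in each run (constructed: base + 0x80ed0)
PUTS_RUN_A = 0x7f1a2b080ed0
PUTS_RUN_B = 0x7f3c4d080ed0

if __name__ == "__main__":
    print("kernel.randomize_va_space =", describe_level(read_level()))
    print("regions moved between runs:", moved_regions(RUN_A, RUN_B))
    print("libc offset of the function, identical in both runs: %#x"
          % common_offset([(RUN_A, PUTS_RUN_A), (RUN_B, PUTS_RUN_B)], LIBC))
```

On a real system, feed `parse_maps` the contents of `/proc/<pid>/maps` from two separate runs of the target; at level 2 the binary, heap, libraries and stack all appear in `moved_regions`, while `common_offset` shows why a single disclosed pointer is enough to recover the whole mapping it belongs to.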
Bypassing ASLR via Position-Independent ROP
Partial pointer overwrite
Bypass is possible via the GOT section, since it sits at a constant offset.