Prelink and address space randomization
Posted Jul 7, 2006 16:19 UTC (Fri) by jzbiciak
(✭ supporter ✭
In reply to: Prelink and address space randomization
Parent article: Prelink and address space randomization
BTW, it's the fact that the same shared copy of the library can be loaded at different addresses for different processes that requires dynamic libraries to use Position Independent Code (PIC).
Now, what might be interesting is a selectively applied address randomization. For instance, tell the kernel that for some list of UIDs, apply address randomization, and for the rest, use a default address map.
So, for instace, an average desktop with eleventy billion programs running the desktop environment, etc., all running as a non-privileged user--those can all benefit from prelink. Any system services running in the background with elevated privileges or a network-facing component, such as sshd, CUPS, a webserver, whatever... those should all run with address randomization.
And, if some program seems to be problematic wrt. to buffer overflows? Perhaps allow marking it to be randomized as well regardless of UID. (Perhaps extended fs attributes are a good way to denote this?)
to post comments)