在MacOS X和iOS中,ASLR究竟随机化了什么 [英] What exactly is randomized with ASLR in MacOS X and iOS
问题描述
在最新Mac OS(10.7)和iOS(6.0)的情况下,是否有人随机链接到文档?
Does anybody have a link to a documentation what exactly is randomized in what cases for latest Mac OS (10.7) and iOS (6.0)?
我的意思是.我想查看列表(类似)
I mean. I want to see a list (something like)
-
代码段(在A,B,C情况下)
Code segment (in a case A,B,C)
堆栈(始终)
堆
数据段(从不)
最好是每个事物具有多少个随机位.
Preferably with how many bits of randomization each thing has.
我所能找到的是:"MacOS Lion实现了完整的ASLR",而在其他地方,完整的ASLR通过不同的操作系统实现了不同的方式",这显然不是很有帮助.
All I can find is something like: "MacOS Lion implements full ASLR" and in other places "full ASLR is implemented different ways for different operation systems", which is obviously not very informative.
推荐答案
您正在寻找的列表可以很容易地由您生成,如下所示:
The list you are looking for can easily be generated by you, as follows:
int global_j = 0;
void main ()
{
char *h = malloc(10);
int j = 0;
printf ("Globals are : %p, text is %p, stack is %p, heap is %p\n",
&global_j, main, &j, h);
}
在山狮上,会产生:
bash-3.2# ./a
Globals are : 0x10fa55020, text is 0x10fa54eb0, stack is 0x7fff501ab864, heap is 0x7f9b294000e0
bash-3.2# ./a
Globals are : 0x106bbe020, text is 0x106bbdeb0, stack is 0x7fff59042864, heap is 0x7f9752c000e0
bash-3.2# ./a
Globals are : 0x108673020, text is 0x108672eb0, stack is 0x7fff5758d864, heap is 0x7fecc34000e0
bash-3.2# ./a
Globals are : 0x1059d2020, text is 0x1059d1eb0, stack is 0x7fff5a22e864, heap is 0x7f8f81c000e0
在所有位置显示足够的随机化(请注意,由于对齐限制,页面内的偏移量不会随机化,但是您仍然可以得到一些16-20位随机化,正如4-5个十六进制数字所暗示的那样)
Showing ample randomization on all (note that due to alignment restrictions the offset within the page doesn't get randomized, but you still get some 16-20-bit randomization, as implied by the 4-5 hex digits which change).
- 内核:从Mountain Lion和iOS6开始,在加载时通过将其滑动"值为vm_kernel_slide来随机化内核.并非所有的vm页面都以这种方式滑动,但是在大多数情况下,这是通过存储一些常量值来实现的(在ML上,但在iOS上,系统调用#439 kas_info也可以读取该值:Apple努力保持随机性)值机密,并且在报告内核地址时不会泄漏它,因此越狱者不会弄清楚他们可以跳转/覆盖的位置-多数情况下对他们有用)
希望这会有所帮助,
TG
这篇关于在MacOS X和iOS中,ASLR究竟随机化了什么的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
