ASLR bits of Entropy of mmap()

Question

I am studying ASLR randomization of mmap() on an x86 system. I have read in a lot of places that there are 16 bits of randomization on the address loaded with mmap().

But in the source code I have found:

    static unsigned long mmap_rnd(void)
    {
            unsigned long rnd = 0;

            /*
             *  8 bits of randomness in 32bit mmaps, 20 address space bits
             * 28 bits of randomness in 64bit mmaps, 40 address space bits
             */
            if (current->flags & PF_RANDOMIZE) {
                    if (mmap_is_ia32())
                            rnd = (long)get_random_int() % (1<<8);
                    else
                            rnd = (long)(get_random_int() % (1<<28));
            }
            return rnd << PAGE_SHIFT;
    }

So, that would be only 8 bits of randomness.

But in fact, running some tests, I get the following addresses (stack-heap-mmap): bf937000,09a60000,b774b000

bfa86000,090ef000,b76e2000

It's more than 16 bits if it can be b77XX000 and b76XX000!!!!

Any help with this?

Recommended answer

PAGE_SHIFT is shifting that randomness to a different bit position. The difference between your mmap addresses is indeed:

 b774b000
-b76e2000
---------
    69000

I don't know what the value of PAGE_SHIFT is, but if it's 12, for example, then you have a 0x69 difference, which perfectly fits in 8 bits.
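
Added example (not part of the original question or answer): a small C model of the 32-bit branch of the quoted mmap_rnd(), showing that the two observed mmap addresses are 0x69 pages apart and that 256 page-sized offsets can still produce both b77XX000 and b76XX000 addresses through an arithmetic borrow. It assumes PAGE_SHIFT is 12 (4 KiB pages) and that the offset is subtracted from a base address; the base 0xb7780000 and the helper names are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT  12   /* assumption: 4 KiB pages, as on x86 */
#define RND_BITS_32 8    /* from the comment in the quoted mmap_rnd() */

/* Model of the 32-bit branch of the quoted mmap_rnd(): 8 random bits,
 * moved up to page granularity by PAGE_SHIFT. */
static uint32_t mmap_rnd_model(uint32_t random_int)
{
    return (random_int % (1u << RND_BITS_32)) << PAGE_SHIFT;
}

/* Distance between two mappings, counted in pages. */
static uint32_t page_delta(uint32_t a, uint32_t b)
{
    return (a > b ? a - b : b - a) >> PAGE_SHIFT;
}

/* Smallest number of bits able to hold v. */
static unsigned bits_needed(uint32_t v)
{
    unsigned n = 0;
    while (v) { n++; v >>= 1; }
    return n;
}

/* Count the distinct values of address bits 20..31 over all 256 offsets
 * when the offset is subtracted from `base` (hypothetical base value).
 * Addresses decrease monotonically, so counting changes is enough. */
static unsigned distinct_top_prefixes(uint32_t base)
{
    unsigned count = 0;
    uint32_t last = 0;
    for (uint32_t r = 0; r < (1u << RND_BITS_32); r++) {
        uint32_t prefix = (base - mmap_rnd_model(r)) >> 20;
        if (r == 0 || prefix != last) { count++; last = prefix; }
    }
    return count;
}

int main(void)
{
    uint32_t a = 0xb774b000u, b = 0xb76e2000u;  /* addresses from the question */
    uint32_t base = 0xb7780000u;                /* constructed, not from the page */
    uint32_t d = page_delta(a, b);
    printf("delta = 0x%x pages, needs %u bits\n", (unsigned)d, bits_needed(d));
    printf("largest offset = 0x%x\n", (unsigned)mmap_rnd_model(0xffffffffu));
    printf("distinct prefixes: %u\n", distinct_top_prefixes(base));
    return 0;
}
```

The changing hex digit above the random field comes from the borrow in the subtraction, not from extra random bits: only 256 distinct mmap bases are possible in this model.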
