是的malloc确定性? [英] Is malloc deterministic?
问题描述
为的malloc 确定的?说,如果我有一个分叉过程,就是另一个进程的复制品,并在某些时候他们俩叫的malloc 功能。将所分配的地址在两个进程一样吗?假设执行的其他部分也是确定性的。
Is malloc deterministic? Say If I have a forked process, that is, a replica of another process, and at some point both of them call the malloc function. Would the address allocated be the same in both processes? Assuming that other parts of execution are also deterministic.
注意:在这里,我只谈论虚拟内存,而不是身体上的
Note: Here, I'm only talking about virtual memory, not physical one.
推荐答案
有是没有理由为它是确定性的,其实可以有一些好处岂不是确定性的,例如的增加了开发的复杂性漏洞(见本文)。
There is no reason at all for it to be deterministic, in fact there can be some benefit to it not being deterministic, for example increasing the complexity of exploiting bugs (see also this paper).
这随机性可以在做攻击更难写有帮助的。成功利用缓冲区溢出通常需要做两件事情:
This randomness can be helpful at making exploits harder to write. To successfully exploit a buffer overflow you typically need to do two things:
- 提供一个有效载荷送入一个predictable /已知的内存位置
- 原因执行跳转到该位置
如果存储位置未predictable使得该跳转可以成为相当多的困难。
If the memory location is unpredictable making that jump can become quite a lot harder.
从相关的报价标准§7.20.3.3/ 2:
The relevant quote from the standard §7.20.3.3/2:
malloc函数为对象,其大小为分配空间
由size指定,其值是不确定的。
The malloc function allocates space for an object whose size is specified by size and whose value is indeterminate
如果它是有意让它确定性的话,将被明确表述为这样的。
If it were the intention to make it deterministic then that would be clearly stated as such.
的即使它看起来确定性今天我不会将其与新的内核或更新的libc / GCC版本,那么剩余投注。的
这篇关于是的malloc确定性?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
