简体繁体 English

如何随机化每个Linux ELF段

[英]How to randomize each segment of Linux ELF

原文 2015-02-16 15:47:36 2 1 linux/ elf/ aslr

We know we can randomize the code,data/stack/heap by compile the code as PIE. 我们知道我们可以通过将代码编译为PIE来随机化代码，数据/堆栈/堆。 While the code and data always have a fixed offset on each loading. 虽然代码和数据在每次加载时总是有固定的偏移量。

Is there a way that by adding some compile/link flags we can set code/data offset a random value? 有没有办法通过添加一些编译/链接标志，我们可以设置代码/数据偏移一个随机值？

1 个解决方案

The ASLR randomization algorithm always rounds to the page boundary , so there is no practical ability to change this at load-time. ASLR随机化算法总是向页面边界舍入，因此没有实际能力在加载时更改它。

If you want to adjust addresses at compile time, you can try altering the function address alignment (eg using -falign-functions=... ); 如果要在编译时调整地址，可以尝试更改函数地址对齐（例如，使用-falign-functions=... ）; but you would be leaving windows in the code that could be used as trampoline locations. 但是你会在代码中留下窗口，可以用作蹦床位置。

Those offsets are defined in the ELF section data, so altering the offsets would involve altering those values before they get to the linker eg by making modifications to the link script. 这些偏移在ELF部分数据中定义，因此改变偏移将涉及在它们到达链接器之前改变这些值，例如通过修改链接脚本。

If you pass -Wl,-verbose, you'll get a dump of the linker script that's used to generate the binary, and you could make adjustments to that script - it's different if you compile a pie file rather than a regular binary. 如果传递-Wl，-verbose，您将获得用于生成二进制文件的链接器脚本的转储，并且您可以对该脚本进行调整 - 如果您编译pie文件而不是常规二进制文件，则会有所不同。

I don't know of any convenient flags that would allow you to alter the offset of the segments. 我不知道任何方便的标志，可以让你改变段的偏移量。 Using the -Ttext option disables ASLR for the code segment, which is exactly the opposite of what you want. 使用-Ttext选项会禁用代码段的ASLR，这与您想要的完全相反。

Mind you, the linked paper seems to indicate that tools could be written to perform this without too much difficulty. 请注意，链接的文件似乎表明可以编写工具来执行此操作而不会有太多困难。