Vulnerability Development: Re: Linux exploits and random post-argv/ envp injection

Re: Linux exploits and random post-argv/ envp injection

From: Gerardo Richarte <gera_at_corest.com>
Date: Mon, 15 Mar 2004 12:39:40 -0300

Inventor UCL wrote:

>
> Hi All,
>
> I noticed something when playing around with exploits on linux and wanted to ask if anyone knows more about it.
>
> When I run the same test program with the same envp/argv that just prints its esp, it outputs a different value every time.

        On some Linux systems (it depends on kernel version and features), this is just a fact:
the stack address changes from process to process. It doesn't vary a lot (let's say around 1, 2, 3 or 4 pages of 4096 bytes). This doesn't have to do with any security patch (although this might be another reason, as Valdis Kletnieks explained).
        As a friend explained to me, some Linux kernels had some kind of problem when running on multiprocessor boxes, and they "solved" it by randomizing stack addresses... that's pretty much what I know. I also know that when writing exploits, not only is padding unexpectedly added, but the addresses can also change randomly (the solution is absolutely different when the change is not the result of a security patch, mainly because the deltas are not so big).

        gera
Received on Mar 15 2004
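The behaviour discussed in this thread (same binary, same argv/envp, yet a different stack address on every run) is easy to measure directly. The program below is an added example and is not code from the original thread or from either poster: it re-executes itself a number of times, records the stack address each fresh process sees, and reports the spread in 4096-byte pages. The 4-page bucket in classify_spread() follows the figure given in the message; the 64-page cut-off, the RUNS count and the function names are assumptions made for this example.

```c
#include <stdio.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

#define PAGE_BYTES 4096UL
#define RUNS 16            /* assumed: how many fresh processes to sample */

/* Address of a local in a fresh frame: a portable stand-in for reading
 * the stack pointer register directly. noinline keeps the frame real. */
__attribute__((noinline)) uintptr_t stack_probe(void)
{
    volatile char marker = 0;
    return (uintptr_t)&marker;
}

/* Distance between two addresses in 4096-byte pages, rounded up. */
unsigned long page_delta(uintptr_t a, uintptr_t b)
{
    uintptr_t diff = a > b ? a - b : b - a;
    return (unsigned long)((diff + PAGE_BYTES - 1) / PAGE_BYTES);
}

/* Spread (max - min) of a set of samples, in pages. */
unsigned long spread_pages(const uintptr_t *s, size_t n)
{
    uintptr_t lo = s[0], hi = s[0];
    for (size_t i = 1; i < n; i++) {
        if (s[i] < lo) lo = s[i];
        if (s[i] > hi) hi = s[i];
    }
    return page_delta(lo, hi);
}

/* Bucket the spread the way the message does: a handful of pages is the
 * per-process jitter it describes; a much larger delta is what a deliberate
 * randomization patch produces. The 4-page figure is the message's own;
 * the 64-page threshold is an assumption for this example. */
const char *classify_spread(unsigned long pages)
{
    if (pages == 0)  return "fixed";
    if (pages <= 4)  return "small jitter";
    if (pages <= 64) return "moderate";
    return "large, likely deliberate randomization";
}

/* Run this binary again as a fresh process and read the address it prints. */
static int sample_child(const char *self, uintptr_t *out)
{
    int fd[2];
    if (pipe(fd) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                      /* child: probe and print in hex */
        dup2(fd[1], STDOUT_FILENO);
        close(fd[0]);
        close(fd[1]);
        execlp(self, self, "--probe", (char *)NULL);
        _exit(127);
    }
    close(fd[1]);
    char buf[64] = {0};
    ssize_t n = read(fd[0], buf, sizeof buf - 1);
    close(fd[0]);
    waitpid(pid, NULL, 0);
    if (n <= 0) return -1;
    *out = (uintptr_t)strtoull(buf, NULL, 16);
    return 0;
}

int main(int argc, char **argv)
{
    if (argc > 1 && strcmp(argv[1], "--probe") == 0) {
        printf("%lx\n", (unsigned long)stack_probe());
        return 0;
    }
    uintptr_t samples[RUNS];
    size_t got = 0;
    for (int i = 0; i < RUNS; i++)
        if (sample_child(argv[0], &samples[got]) == 0)
            printf("run %2d: stack probe at 0x%lx\n", i, (unsigned long)samples[got++]);
    if (got < 2) {
        fprintf(stderr, "could not sample child processes\n");
        return 1;
    }
    unsigned long pages = spread_pages(samples, got);
    printf("spread over %zu runs: %lu page(s) -> %s\n", got, pages, classify_spread(pages));
    return 0;
}
```

Build with `gcc -O0 -o probe probe.c` and run `./probe`; each line is the address one fresh process observed, and the last line is the spread in pages. A spread of a few pages matches the cross-process variation described in the message, while a spread of many megabytes is the signature of an explicit randomization patch, which is why the exploit-side fix differs in the two cases.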
