Permalink
Browse files

Implement basic ASLR

  • Loading branch information...
lattera committed Jun 29, 2013
1 parent 75a53f1 commit d524dad71542ceec8f399a12a1b569f4b23c6604
Showing with 8 additions and 4 deletions.
  1. +3 −1 sys/kern/kern_exec.c
  2. +5 −3 sys/vm/vm_mmap.c
View
@@ -1246,6 +1246,7 @@ exec_copyout_strings(imgp)
size_t execpath_len;
int szsigcode, szps;
char canary[sizeof(long) * 8];
unsigned int sgap;
szps = sizeof(pagesizes[0]) * MAXPAGESIZES;
/*
@@ -1263,7 +1264,8 @@ exec_copyout_strings(imgp)
if (p->p_sysent->sv_szsigcode != NULL)
szsigcode = *(p->p_sysent->sv_szsigcode);
}
destp = (caddr_t)arginfo - szsigcode - SPARE_USRSPACE -
sgap=(unsigned int)(ALIGN(arc4random()&((64*1024)-1)));
destp = (caddr_t)arginfo - szsigcode - SPARE_USRSPACE - sgap -
roundup(execpath_len, sizeof(char *)) -
roundup(sizeof(canary), sizeof(char *)) -
roundup(szps, sizeof(char *)) -
View
@@ -284,9 +284,11 @@ sys_mmap(td, uap)
if (addr == 0 ||
(addr >= round_page((vm_offset_t)vms->vm_taddr) &&
addr < round_page((vm_offset_t)vms->vm_daddr +
lim_max(td->td_proc, RLIMIT_DATA))))
addr = round_page((vm_offset_t)vms->vm_daddr +
lim_max(td->td_proc, RLIMIT_DATA));
lim_max(td->td_proc, RLIMIT_DATA)))) {
addr = round_page((vm_offset_t)vms->vm_daddr +
lim_max(td->td_proc, RLIMIT_DATA));
addr = round_page(addr + (arc4random()&(256*1024*1024-1)));
}
PROC_UNLOCK(td->td_proc);
}
if (flags & MAP_ANON) {

0 comments on commit d524dad

Please sign in to comment.