patch to randomize mmap offsets

Matthew Dillon dillon at
Mon Jan 15 16:06:01 PST 2007

:>     hmm.  I'm not a big fan of OpenBSD's randomization code.  I'm not
:>     rabidly against the patch but it is a bit hackish.  It seems to me
:>     that something similar could be implemented simply by having the RTLD
:>     or LIBC code mmap() a randomly sized dead segment, and not have to
:>     build anything into the kernel.
:Wouldn't that result in 2x the syscalls for calling mmap()? (isn't this
:expensive?)  Or do I not understand what you mean?
:Kevin L. Kane

    You could just request more space than you need and randomly offset
    the allocations you do from within that space.  That has the same
    result pretty much.

    Or you could just make a few randomly-sized mmap() calls at the start
    of the program but not on every mmap.  The first few calls will offset
    the address returned by all later calls.

    Similarly you can create a random stack offset by allocating a random
    amount of space on the stack at program start.  There is no need to
    have the kernel do it for you when you can do it yourself (libc, that is).
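
The first suggestion in the message above (request more space than needed and place the allocation at a random offset inside it), sketched in userland C as an added example; it is not code from the thread or from any libc. The names `rand_mmap`, `struct rand_map` and `MAX_SLACK_PAGES`, the use of `/dev/urandom`, and the choice to leave the slack as `PROT_NONE` are assumptions.

```c
#define _DEFAULT_SOURCE 1 /* exposes MAP_ANON on glibc */
#include <fcntl.h>
#include <stdint.h>
#include <sys/mman.h>
#include <unistd.h>
#define MAX_SLACK_PAGES 256 /* assumed bound on the random padding */

struct rand_map {
    void  *base;   /* start of the whole reservation, for munmap() */
    size_t total;  /* length of the whole reservation */
    void  *addr;   /* usable region at a random page offset inside it */
    size_t len;    /* usable length, rounded up to whole pages */
};

/* Random page count in [0, MAX_SLACK_PAGES]; returns -1 if no entropy. */
static long random_slack_pages(void)
{
    uint32_t r;
    int fd = open("/dev/urandom", O_RDONLY);
    if (fd < 0)
        return -1;
    ssize_t n = read(fd, &r, sizeof r);
    close(fd);
    if (n != (ssize_t)sizeof r)
        return -1;
    return (long)(r % (MAX_SLACK_PAGES + 1)); /* modulo bias is negligible */
}

/* Reserve len plus slack as inaccessible memory, then enable access only
 * to a len-sized window at a random page offset. Returns 0 on success. */
int rand_mmap(size_t len, struct rand_map *out)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    long slack = random_slack_pages();
    if (slack < 0 || len == 0 || len > SIZE_MAX / 2)
        return -1;
    size_t need = (len + page - 1) / page * page;
    size_t total = need + MAX_SLACK_PAGES * page;
    void *base = mmap(NULL, total, PROT_NONE, MAP_PRIVATE | MAP_ANON, -1, 0);
    if (base == MAP_FAILED)
        return -1;
    char *addr = (char *)base + (size_t)slack * page;
    if (mprotect(addr, need, PROT_READ | PROT_WRITE) != 0) {
        munmap(base, total);
        return -1;
    }
    *out = (struct rand_map){ base, total, addr, need };
    return 0;
}
```

Release the mapping with `munmap(m.base, m.total)`, not with `addr`, so the dead slack on both sides goes away too. This costs one `mmap()` plus one `mprotect()` per allocation, which is the syscall overhead the quoted question asks about.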

