> Why is the address of the dynamically loaded "libc" random?
> How and when is the randomness generated?

The address is randomized in order to make it harder to predict.
This offers some defense against simple malware (successfully coping
with the randomness typically requires additional code in the malware)
and helps reduce some programming errors ("accidental" relationships
between addresses tend not to persist).

As originally built, nearly all shared libraries have 0==Elf32_Phdr.p_vmaddr.
The code to map a shared library into the address space does

    mmap(phdr->p_vmaddr, phdr->p_filesz, ...)

Upon seeing

    mmap(0, length, ...)

the operating system may choose any page-aligned initial address
such that the interval [addr, length + addr) is not yet occupied.
In this case the source of the randomness is the operating system kernel.

There are some efficiencies available (less time and space required
for relocation processing during the invocation of the shared library)
if the addresses of the needed shared libraries have been decided in advance.
The utility program 'prelink' assigns addresses in advance according
to its preferences: no overlap among commonly-used sets of libraries, etc.
Prelink does its job by setting the .p_vmaddr. Upon seeing

    mmap(addr, length, ...)

with 0!=addr, the operating system kernel usually _prefers_
to assign the specified address, but still is permitted to choose some
other address if the interval [addr, length + addr) is not entirely
empty, or for any other reason. [This choice can be inhibited by
the flag bit MAP_FIXED.] In the case of a pre-linked shared library,
the source of the randomness is prelink. Often prelink
is run periodically (for example, once per day or once per week)
to "re-shuffle" the addresses.
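
The mmap() placement rules described in the reply above can be observed directly with the following added example, which is not part of the original message. It uses anonymous one-page mappings in place of a real library file, and the names probe_placement, struct placement and map_page are made up for the illustration.

```c
#define _DEFAULT_SOURCE           /* for MAP_ANONYMOUS under strict -std= modes */
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

struct placement {
    void *kernel_choice;  /* mmap(0, ...): kernel picks any free interval   */
    void *hint_free;      /* non-zero hint, interval free: usually honoured */
    void *hint_occupied;  /* non-zero hint, interval occupied: moved        */
    void *fixed;          /* same occupied hint plus MAP_FIXED: forced      */
};

/* One anonymous private mapping; only the hint and extra flags vary. */
static void *map_page(void *hint, size_t len, int extra)
{
    return mmap(hint, len, PROT_READ | PROT_WRITE,
                MAP_PRIVATE | MAP_ANONYMOUS | extra, -1, 0);
}

/* Runs the cases from the post. Returns 0 on success, -1 on failure. */
int probe_placement(struct placement *p)
{
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    void *scratch = map_page(NULL, len, 0);  /* find an interval, then free it */
    if (scratch == MAP_FAILED || munmap(scratch, len) != 0) return -1;
    p->hint_free = map_page(scratch, len, 0);
    p->kernel_choice = map_page(NULL, len, 0);
    if (p->hint_free == MAP_FAILED || p->kernel_choice == MAP_FAILED) return -1;
    /* [kernel_choice, kernel_choice + len) is taken, so a plain hint cannot win. */
    p->hint_occupied = map_page(p->kernel_choice, len, 0);
    /* MAP_FIXED removes the kernel's freedom and replaces the old mapping. */
    p->fixed = map_page(p->kernel_choice, len, MAP_FIXED);
    return (p->hint_occupied == MAP_FAILED || p->fixed == MAP_FAILED) ? -1 : 0;
}

int main(void)
{
    struct placement p;
    if (probe_placement(&p) != 0) { fprintf(stderr, "mmap failed\n"); return 1; }
    printf("mmap(0, ...)              -> %p\n", p.kernel_choice);
    printf("hint, free interval       -> %p\n", p.hint_free);
    printf("hint, occupied interval   -> %p\n", p.hint_occupied);
    printf("occupied hint + MAP_FIXED -> %p\n", p.fixed);
    return 0;
}
```

Running the program several times shows the first address changing from run to run when the kernel randomizes mmap placement.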