On 07/12/2014 15:50, Joe Awni wrote:
> Question about ASLR: Matteo Panella writes, "but that [ASLR?] does *not*
> change the overall layout of executable pages - again, it's set in stone
> by the compiler,"
>
> besides, "overall layout." Why can't the pages of a statically linked
> binary be just as randomized by the OS as a dynamically linked binary?
Because it would break relative offsets within the same executable mapping.
Granted, PaX's RANDEXEC can (painfully[1]) randomize fixed-position
execs (and thus even statically linked executables), but it has a
significant cost.
[1]: https://pax.grsecurity.net/docs/randexec.txt
Regards,
--
Matteo Panella
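
Added example, not part of the original message or of PaX: a small C check of the ELF header field that marks a fixed-position executable (ET_EXEC, whose segment addresses are absolute) versus a position-independent one (ET_DYN, whose segment addresses are offsets from a base chosen at load time). It handles 64-bit little-endian ELF only; the names elf_link_base and make_sample and the sample bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { ET_EXEC = 2, ET_DYN = 3, PT_LOAD = 1 };   /* values from the ELF spec */

static uint64_t rd(const uint8_t *p, int n)      /* n-byte little-endian read */
{
    uint64_t v = 0;
    while (n--) v = (v << 8) | p[n];
    return v;
}

/* For a 64-bit little-endian ELF image: return e_type and store the lowest
 * PT_LOAD p_vaddr in *base. Returns -1 on anything malformed or unsupported. */
int elf_link_base(const uint8_t *img, size_t len, uint64_t *base)
{
    if (len < 64 || memcmp(img, "\x7f" "ELF", 4) != 0 || img[4] != 2 || img[5] != 1)
        return -1;
    uint64_t phoff = rd(img + 32, 8), entsz = rd(img + 54, 2), phnum = rd(img + 56, 2);
    if (phoff > len || (phnum && entsz < 56)) return -1;
    *base = UINT64_MAX;
    for (uint64_t i = 0; i < phnum; i++) {
        uint64_t off = phoff + i * entsz;
        if (off > len || len - off < 56) return -1;   /* header must fit in image */
        if (rd(img + off, 4) == PT_LOAD && rd(img + off + 16, 8) < *base)
            *base = rd(img + off + 16, 8);            /* p_vaddr */
    }
    return (int)rd(img + 16, 2);                      /* e_type */
}

/* Constructed sample (not a real binary): ELF64 header plus one PT_LOAD. */
size_t make_sample(uint8_t out[120], uint16_t e_type, uint64_t vaddr)
{
    memset(out, 0, 120);
    memcpy(out, "\x7f" "ELF\x02\x01\x01", 7);  /* magic, ELFCLASS64, LSB, version */
    out[16] = (uint8_t)e_type; out[64] = PT_LOAD;
    out[32] = 64; out[54] = 56; out[56] = 1;   /* e_phoff, e_phentsize, e_phnum */
    for (int i = 0; i < 8; i++) out[80 + i] = (uint8_t)(vaddr >> (8 * i));
    return 120;
}

int main(void)
{
    uint8_t buf[120]; uint64_t base;
    int t = elf_link_base(buf, make_sample(buf, ET_EXEC, 0x400000), &base);
    printf("%s, lowest PT_LOAD vaddr 0x%llx\n",
           t == ET_EXEC ? "ET_EXEC (absolute)" : "other", (unsigned long long)base);
    return 0;
}
```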