Contributed by phessler on from the dont cry over spilled registers dept.
This change randomizes the order of symbols in libc.so at boot time. More details are available on tech@. Please check the thread for any replies or updates.
This is done by saving all the independent .so sub-files into an ar archive, and then relinking them into a new libc.so in random order, at each boot. The cost is less than a second on the systems I am using.
For now, this is only done for libc, because it is generally the most gadget heavy library; spilled registers are more likely to point within the libc segment; and also the gadgets are close to system call stubs. As a result of the change, gadgets are no longer found at fixed offsets from spilled registers.
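An added example of the relink step described above, on a toy archive; this is not OpenBSD's rc(8) code nor anything from the tech@ thread. It assumes cc, ar, nm, od and /dev/urandom are available, the file names are made up, and the shuffle is this example's own, not the one OpenBSD uses.

```shell
#!/bin/sh
# Added example, not OpenBSD's rc(8) code: rebuild a shared library from an
# ar(1) archive of per-object files, linking the members in a fresh random
# order each time, then list symbol offsets of two builds to see them move.
# Assumes cc, ar, nm, od and /dev/urandom exist; file names are made up.
set -eu

# Shuffle stdin lines: random key per line (seeded from /dev/urandom, since
# awk's default srand() seed changes only once per second), sort, drop key.
shuffle_lines() {
    _seed=$(od -An -N4 -tu4 /dev/urandom | tr -d ' ')
    awk -v seed="$_seed" 'BEGIN { srand(seed) } { printf "%.15f\t%s\n", rand(), $0 }' |
        sort | cut -f2-
}

# List the members of archive $1 in random order.
shuffle_members() {
    ar t "$1" | shuffle_lines
}

# Extract archive $1 into a scratch dir and link its members, in random
# order, into shared object $2 (pass an absolute path).
relink_random() {
    _archive=$1 _out=$2 _tmp=$(mktemp -d)
    ( cd "$_tmp" && ar x "$_archive" &&
      cc -shared -o "$_out" $(shuffle_members "$_archive") )
    rm -rf "$_tmp"
}

# Print "symbol address" for each text symbol of shared object $1, ascending.
text_symbols() {
    nm -n "$1" | awk '$2 ~ /^[Tt]$/ { print $3, $1 }'
}

# Demo: three tiny PIC objects (constructed here), archived the way libc's
# sub-files are, relinked twice; compare the two offset listings.
demo() {
    _dir=$(mktemp -d); cd "$_dir"; _i=0
    for _f in alpha beta gamma; do
        _i=$((_i + 1))
        printf 'int %s(int x) { return x * %d; }\n' "$_f" "$_i" > "$_f.c"
        cc -fPIC -c "$_f.c" -o "$_f.so"    # OpenBSD names PIC objects *.so
    done
    ar rcs libdemo.a alpha.so beta.so gamma.so
    relink_random "$_dir/libdemo.a" "$_dir/libdemo.so.1"
    relink_random "$_dir/libdemo.a" "$_dir/libdemo.so.2"
    text_symbols libdemo.so.1; echo ---; text_symbols libdemo.so.2
    cd / && rm -rf "$_dir"
}
if [ "${DEMO:-0}" = 1 ]; then demo; fi    # run the demo only when asked
```

Run with `DEMO=1 sh relink.sh` to see the two offset listings; the same symbol names appear in both, but at different addresses in most runs.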