HOWTO: Test for Address Space Randomization in GNU/Linux
Address space layout randomization (ASLR) is a simple technique for making stack-smashing attacks less likely to succeed. Because binary code is placed at somewhat-random virtual addresses, vulnerable code ends up in different locations; hostile code has no guarantee that its target vulnerability resides at any particular address.
A very simple hack in the GNU ELF loader/linker, documented in the ld.so(8) manual page, shows one of the randomized addresses. When the LD_SHOW_AUXV environment variable is set, the ld.so linker dumps the information in the Linux auxiliary vector, including the base address for shared object libraries. The following CLI command will expose this address:
( LD_SHOW_AUXV=yes ls ) | grep AT_BASE
If the address changes from one invocation to the next, your system is using ASLR. If your particular Linux installation does not use address space randomization, then repeated invocations of this command will show the same base addresses for linked libraries, meaning:
- Insecure code can reside at a predictable address, therefore
- Your system is more vulnerable to attack.
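The repeated-invocation check above, scripted as an added example (not part of the original HOWTO): it samples AT_BASE over several runs and reports whether the value changes. The function names are hypothetical, and the read of /proc/sys/kernel/randomize_va_space is an addition for comparison that assumes a Linux kernel exposing that file.

```shell
#!/bin/sh
# Added example: automate the repeated-invocation ASLR check.
# Function names are hypothetical; nothing here comes from ld.so itself.

# Read LD_SHOW_AUXV output on stdin and print the AT_BASE value.
# Matching the whole label skips AT_BASE_PLATFORM, which a plain
# "grep AT_BASE" would also match on architectures that report it.
extract_at_base() {
    awk '$1 == "AT_BASE:" { print $2; exit }'
}

# Run ls N times (default 5) with LD_SHOW_AUXV set, one AT_BASE per line.
sample_at_base() {
    n=${1:-5}
    i=0
    while [ "$i" -lt "$n" ]; do
        LD_SHOW_AUXV=yes ls 2>/dev/null | extract_at_base
        i=$((i + 1))
    done
}

# Read addresses on stdin (one per line) and print a verdict:
#   randomized - at least two samples differ
#   static     - two or more samples, all identical
#   unknown    - fewer than two samples (e.g. a loader that does not
#                honor LD_SHOW_AUXV), so no conclusion can be drawn
classify_samples() {
    addrs=$(cat)
    if [ -z "$addrs" ]; then echo unknown; return 0; fi
    total=$(( $(printf '%s\n' "$addrs" | wc -l) ))
    distinct=$(( $(printf '%s\n' "$addrs" | sort -u | wc -l) ))
    if [ "$total" -lt 2 ]; then
        echo unknown
    elif [ "$distinct" -gt 1 ]; then
        echo randomized
    else
        echo static
    fi
}

echo "AT_BASE over 5 runs: $(sample_at_base 5 | classify_samples)"

# Assumption: the kernel exposes its ASLR setting here (0 = off).
if [ -r /proc/sys/kernel/randomize_va_space ]; then
    echo "randomize_va_space: $(cat /proc/sys/kernel/randomize_va_space)"
fi
```

A verdict of "unknown" means the variable produced no AT_BASE lines, so it says nothing about ASLR either way.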
Most desktop Linux distributions are configured with ASLR; if yours is not, I strongly suggest you file a bug report for your distribution developer(s).
You can view other Linux auxiliary vector values with a simple LD_SHOW_AUXV=yes ls in a shell/terminal. The Linux ld.so program can display more information through even more environment variables; see ld.so(8).
Nota bene: There is no guarantee that environment variables affecting ld.so at this writing will continue to do so; check your distribution’s online documentation to be sure.