RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-25 06:07:34 +00:00
Code Issues Activity Actions

Kernel: Add a random offset to the base of the per-process VM allocator

Browse source 
This is not ASLR, but it does de-trivialize exploiting the ELF loader
which would previously always parse executables at 0x01001000 in every
single exec(). I've taken advantage of this multiple times in my own
toy exploits and it's starting to feel cheesy. :^)
This commit is contained in:
Andreas Kling 2020-01-17 23:05:37 +01:00
parent 536c0ff3ee
commit a850a89c1b
3 changed files with 25 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

11
Kernel/VM/RangeAllocator.cpp
View file

@ -1,11 +1,16 @@
#include <AK/QuickSort.h>
#include <Kernel/Random.h>
#include <Kernel/VM/RangeAllocator.h>
#include <Kernel/kstdio.h>
//#define VRA_DEBUG
#define VM_GUARD_PAGES
RangeAllocator::RangeAllocator(VirtualAddress base, size_t size)
RangeAllocator::RangeAllocator()
{
}
void RangeAllocator::initialize_with_range(VirtualAddress base, size_t size)
{
m_available_ranges.append({ base, size });
#ifdef VRA_DEBUG
@ -13,9 +18,9 @@ RangeAllocator::RangeAllocator(VirtualAddress base, size_t size)
#endif
}
RangeAllocator::RangeAllocator(const RangeAllocator& parent_allocator)
: m_available_ranges(parent_allocator.m_available_ranges)
void RangeAllocator::initialize_from_parent(const RangeAllocator& parent_allocator)
{
m_available_ranges = parent_allocator.m_available_ranges;
}
RangeAllocator::~RangeAllocator()