Unlimiting the stack no longer disables ASLR

Prize: National/international honour

Description

Google rewarded us for removing the possibility of disabling ASLR in the Linux kernel for 32-bit applications. Any user able to run 32-bit applications on an x86 machine could disable ASLR by setting the RLIMIT_STACK resource to unlimited, which was a problem when executing privileged applications (i.e. setuid/setgid executables). Now, ASLR can no longer be disabled.

Organisations: Google Inc.

Keywords

  • Cybersecurity
  • ASLR
  • Linux
