Why would modern OS allocate static addresses or why is ASLR still needed?

Information Security Asked by ios learner on February 11, 2021

I have a question about ASLR, which allocates randomized addresses for things. Based on my understanding (which might be wrong), a modern OS has pretty complicated memory management mechanisms, and it seems REALLY challenging to allocate the same address for the same program every single time. In other words, by intuition, I feel like a randomized address should be the default behavior, and allocating a static address would require some effort.

Is this understanding completely wrong? Or does the OS allocate a separate address space for each process, so that in each address space the process always gets its comfortable static address by default?

One Answer

Most modern systems have a Memory Management Unit, or MMU. The MMU is responsible for translating physical addresses to virtual addresses. This is used to give each process its own private virtual memory. One process' address X is not the same as another process' address X. This improves performance and security, and reduces the risk of crashes, but it also has the benefit of being usable to implement ASLR. While data may be placed in non-random addresses in physical memory, the system is free to place the data anywhere it wants in a process' virtual memory.

When a process is first created, the only real memory it has access to is the stack, which is limited and is not meant to be used for general purposes. Whenever a non-trivial amount of memory is required, the process needs to use the heap. The only way to do this is to request memory from the kernel via a system call. This system call is given a few arguments specifying the amount of memory it wants, the type of memory, etc. The call returns the base address of some freshly allocated memory of the size specified. One of the things ASLR does is cause this base address to be unpredictable. When ASLR is disabled, allocated memory is placed in predictable locations.

ASLR does more than just randomize the base of allocated memory. When a binary is executed, the dynamic linker connects it to all the shared libraries it needs. Although any given library is kept in only one place in physical memory, the system is able to translate it to a virtual address for each process that uses it. This address translation is done for efficiency reasons, but ASLR makes additional use of it by ensuring the virtual address is random. An executable specially compiled as a Position-Independent Executable (PIE) can call library functions even though the library's base address is randomized.

This is not all ASLR does, and certain security-focused operating systems (OpenBSD, HardenedBSD, Linux with grsecurity/PaX patches, etc.) use a form of ASLR that does even more.

Answered by forest on February 11, 2021
