
Can the stack address be deduced from the heap address (or vice-versa) with ASLR?


Does the Linux kernel allocate one big range and let the heap and stack grow in opposite directions from the start/end addresses of this range, so that if you know the address of one of them you know the other, or are the two areas independent?


Solution

  • No, it does not, for security reasons. If they were related in any way it would be a severe security flaw.

    On the other hand, libc is the one responsible for allocating these two areas using mmap(), not the kernel... or at least not directly. Each area has its own call to mmap() (including libraries), and the kernel gives partially random addresses for each call. You can see in /proc/$pid/maps the different areas allocated for a specific program with $pid as the process id.
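As an added example (not part of the question or the answer above), the following Python script parses the /proc/$pid/maps format the answer points to and checks whether the distance from the heap base to the stack base stays constant between runs; the two embedded maps excerpts are constructed samples, not real captures, and the live check reads this process's own /proc/self/maps when procfs is available.

```python
"""Parse /proc/<pid>/maps and test whether heap and stack placement are linked."""
import re

# Constructed /proc/self/maps excerpts for two runs of the same binary (sample
# data, not captured from a real system); only [heap] and [stack] matter here.
SAMPLE_RUN_1 = """\
55e3f1a00000-55e3f1a01000 r--p 00000000 08:01 1234 /usr/bin/demo
55e3f2b10000-55e3f2b31000 rw-p 00000000 00:00 0 [heap]
7ffd1c3e0000-7ffd1c401000 rw-p 00000000 00:00 0 [stack]
"""
SAMPLE_RUN_2 = """\
5606a7c00000-5606a7c01000 r--p 00000000 08:01 1234 /usr/bin/demo
5606a90f0000-5606a9111000 rw-p 00000000 00:00 0 [heap]
7ffc8d2a0000-7ffc8d2c1000 rw-p 00000000 00:00 0 [stack]
"""

# Fields: start-end perms offset dev inode [pathname]
MAPS_LINE = re.compile(
    r"^(?P<start>[0-9a-f]+)-(?P<end>[0-9a-f]+)\s+(?P<perms>\S+)"
    r"\s+\S+\s+\S+\s+\S+(?:\s+(?P<name>.*))?$"
)


def parse_maps(text):
    """Return {mapping name: (start, end)} for every named mapping in a maps dump."""
    regions = {}
    for line in text.splitlines():
        m = MAPS_LINE.match(line.strip())
        if not m or not m.group("name"):
            continue  # anonymous mapping, no name to key on
        regions[m.group("name").strip()] = (int(m.group("start"), 16), int(m.group("end"), 16))
    return regions


def heap_stack_gap(text):
    """Distance in bytes from the [heap] base to the [stack] base."""
    regions = parse_maps(text)
    return regions["[stack]"][0] - regions["[heap]"][0]


def gap_is_constant(*maps_texts):
    """True only if every run shows the same gap, i.e. one base would give away the other."""
    return len({heap_stack_gap(t) for t in maps_texts}) == 1


if __name__ == "__main__":
    # Live check: run this script several times and compare the printed gap.
    try:
        with open("/proc/self/maps") as f:
            live = parse_maps(f.read())
        heap, stack = live.get("[heap]"), live.get("[stack]")
        if heap and stack:
            print(f"heap 0x{heap[0]:x}  stack 0x{stack[0]:x}  gap 0x{stack[0] - heap[0]:x}")
    except OSError:
        print("no /proc/self/maps on this system")
    print("sample runs share one gap:", gap_is_constant(SAMPLE_RUN_1, SAMPLE_RUN_2))
```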