ret2libc blues? try "Prelink"...

Talk here about security in general. Posting illegals software is prohibited. All stuffs in this forum must be considered as for "Educational purpose only".
Post Reply
User avatar
Posts: 512
Joined: 21 Apr 2017, 15:59
Distribution: fullmoonremix

ret2libc blues? try "Prelink"...

Post#1 by n0ctilucient » 10 Feb 2018, 13:26

Since libraries move around in memory, there is a performance penalty for resolution. This penalty increases for each additional library needing resolution. Prelinking reduces this penalty by resolving libraries by linking in advance. Afterward, resolution only occurs if the libraries have changed since being prelinked, such as following perhaps an upgrade.

...prelink will (when run with the "-R" option) randomly select the address base that libraries are loaded at. This makes it more difficult to perform a return-to-libc attack on the system, because the addresses used are unique to that system.

see... Prelink: Linux
Package is @... ... e=#results
Source is @...

Mileage many vary... this tactic is best used with Musl (which in the event of a "leaking" exploit is immune to Return-to-libc attack ).

I believe it's best to use the -a -C -f -R parameters.

Prelink contains "exestack". For extra src2pkg "hardening" it should be set to off...
Src2pkg.conf w/ "hardened" EXTRA_FLAGS
The package maintainer can turn off execstack when linking the app by  
adding "-Wl,-z,noexecstack" to the LDFLAGS (or CFLAGS) in the Makefile.

:hmmm: I do NOT have the "right" to tell anyone what they should do...
but I reserve the "right" to tell them what they should "consider".

Post Reply