linux – Why can "ulimit -s unlimited" disable ASLR during an overflow?

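I know the ulimit -s unlimited trick (fixing libc's address), but I don't understand the facts behind it. Can anyone help explain it to me?

Thanks

Solution:

According to the bash man page: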

ulimit provides control over the resources available to the shell and to processes started by it, on systems that allow such control.

The -s flag defines the maximum stack size.

So ulimit -s unlimited removes the maximum limit on the stack size, which enables the legacy mmap behaviour.

On 32 bit systems “ulimit -s unlimited” disables the randomization of the mmap()-ing because of the following code in the kernel at arch/x86/mm/mmap.c:

static int mmap_is_legacy(void)
{
    if (current->personality & ADDR_COMPAT_LAYOUT)
        return 1;

    if (rlimit(RLIMIT_STACK) == RLIM_INFINITY)
        return 1;

    return sysctl_legacy_va_layout;
}
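
A userspace check for the three conditions tested in the kernel function quoted above, plus a clamp that a service launcher can apply before exec() so a child does not inherit an unlimited stack limit. This is an added example, not part of the original answer or the kernel source; the helper names are hypothetical, and a missing /proc/sys/vm/legacy_va_layout is assumed to mean 0.

```c
#include <stdio.h>
#include <sys/personality.h>
#include <sys/resource.h>

/* Added example, hypothetical names: same three tests as the quoted mmap_is_legacy(). */
int layout_is_legacy(rlim_t stack_cur, unsigned long persona, int sysctl_legacy)
{
    if (persona & ADDR_COMPAT_LAYOUT)
        return 1;
    if (stack_cur == RLIM_INFINITY)
        return 1;
    return sysctl_legacy != 0;
}

/* vm.legacy_va_layout; a missing file is treated as 0 (assumption). */
int read_legacy_sysctl(void)
{
    int v = 0;
    FILE *f = fopen("/proc/sys/vm/legacy_va_layout", "r");
    if (f && fscanf(f, "%d", &v) != 1)
        v = 0;
    if (f)
        fclose(f);
    return v;
}

/* Evaluate the tests for the calling process; -1 on error. */
int current_process_is_legacy(void)
{
    struct rlimit rl;
    int persona = personality(0xffffffff);  /* query only, no change */
    if (persona == -1 || getrlimit(RLIMIT_STACK, &rl) != 0)
        return -1;
    return layout_is_legacy(rl.rlim_cur, (unsigned long)persona, read_legacy_sysctl());
}

/* Launcher hardening: make an unlimited soft stack limit finite before exec(). */
int clamp_stack_limit(rlim_t max_bytes)
{
    struct rlimit rl;
    if (getrlimit(RLIMIT_STACK, &rl) != 0)
        return -1;
    if (rl.rlim_cur != RLIM_INFINITY)
        return 0;  /* already finite, nothing to do */
    rl.rlim_cur = rl.rlim_max < max_bytes ? rl.rlim_max : max_bytes;
    return setrlimit(RLIMIT_STACK, &rl) == 0 ? 1 : -1;
}

int main(void) { printf("legacy layout: %d\n", current_process_is_legacy()); return 0; }
```

clamp_stack_limit() returns 1 when it replaced an unlimited limit, 0 when the limit was already finite, and -1 on error.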

Tags: security, linux, stack-overflow, exploit

Source: https://codeday.me/bug/20190703/1368998.html