More Address Space Tweaks


Stackgap

Random 8-byte alignment for top of stack
Wastes at most 1 page of real memory
Wastes random(N) pages of process address space
Admin can adjust range ...

Shared library order

Map shared libraries in different order every time
Matters more when a program uses many libraries: ie. sshd(8)

Randomized addresses for shared libraries

For pre-configured libraries, we know how large they are
Attempt to map them randomly within the address space

Very cheap; painful for attacker
Not foolproof, but a hurdle
No programs are affected