Address Space Layout Randomization (ASLR) is a security protection that randomizes the addresses of a process's mappings. By doing this, it forces exploits to have an information leak or get really lucky guessing. ASLR was one of the original memory corruption protections added to programs back in the day. In the post, the author discusses an issue with ASLR on Linux and how this incident occurred.
While the author was hacking on a CTF challenge, they stumbled across ASLR not working. From talking to a friend, they noticed that it only happened on libraries that were 2MB in size. On 32-bit, it didn't work at all. On 64-bit, many of the bits weren't randomized. But why? It must be huge pages if it's 2MB!
Virtual address mappings are typically made with 4KB pages. However, in cases where we want better cache (TLB) hit rates, Huge Pages of 2MB can be used. Instead of the 12-bit alignment of a 4KB page, a 2MB huge page is 21-bit aligned, so the low 21 bits of its address are always zero.
Years ago, some file systems moved to using thp_get_unmapped_area() for backing memory. This function recently had a change that makes allocations larger than 2MB use huge pages. Boom, that's the issue!
The missing bits come from this: a 2MB mapping needs a larger alignment than we had with 4KB pages, and every alignment bit is a bit that can no longer be random. By having a larger page size, much of the randomness was lost. In order to fix this, Ubuntu increased the number of random bits in an address for both 64-bit and 32-bit, giving a lot of randomness back. Overall, a look into accidentally discovering an ASLR issue on Linux.