Linux has been in active use worldwide both on servers and on client machines, on mobile devices (Android OS) and on various smart devices. A great number of mechanisms that protect against vulnerability exploitation have emerged since the Linux kernel has been created. Those vulnerabilities can be found both in the kernel and user applications. ASLR and stack canary are among such protection mechanisms.
This article looks into the problems in the ASLR implementation in Linux OS of current version (4.15-rc1) that allows one to bypass this protection, partly or fully. It gives an exhaustive description of the problems and provides unique utilities that could demonstrate the described vulnerabilities.
Some important part of any application functionality in OS Linux family implemented in user-mode (not in kernel). That's why GNU Libc library was analysed and found few serious vulnerabilities.
Ilya Smith is a Security Researcher working for Positive Technologies. He has 10 years experience as a CTF player (LC/BC team) as well as 10 years experience in reverse engineering. He holds a computer science masters degree from Tomsk State University. Ilya is experienced in Linux/Mac OS X kernel drivers development, code analysis, vulnerability research and exploration.