What does ASLR do for Linux?

Address Space Layout Randomization (ASLR) is a memory-protection process for operating systems (OSes) that guards against buffer-overflow attacks. It helps to ensure that the memory addresses associated with running processes on systems are not predictable and, thus, flaws or vulnerabilities associated with these processes will be more difficult to exploit. ASLR is used today on Linux, Windows and MacOS systems. It was first implemented on Linux in 2005. In 2007, the technique was deployed on Microsoft Windows and MacOS. While ASLR provides the same function on each of these operating systems, it is implemented differently on each OS.

The effectiveness of ASLR is dependent on the entirety of the address space layout remaining unknown to the attacker. In addition, only executables that are compiled as Position Independent Executable (PIE) programs will be able to claim the maximum protection from ASLR technique because all sections of the code will be loaded at random locations. PIE machine code will execute properly regardless of its absolute address.

ASLR limitations

In spite of ASLR making exploitation of system vulnerabilities more difficult, its role in protecting systems is limited. It’s important to understand that ASLR:

  • doesn’t resolve vulnerabilities, but makes exploiting them more of a challenge,
  • doesn’t track or report vulnerabilities,
  • doesn’t offer any protection for binaries that are not built with ASLR support, and
  • isn’t immune to circumvention

How ASLR works

ASLR increases the control-flow integrity of a system by making it more difficult for an attacker to execute a successful buffer-overflow attack by randomizing the offsets it uses in memory layouts.

ASLR works considerably better on 64-bit systems as these systems provide much greater entropy (randomization potential).

Is ASLR working on your Linux system?

Either of the two commands shown below will tell you whether ASLR is enabled on your system.