strangerRidingCaml


Linux kernel exploit

11. Kernel Address Space Layout Randomization (KASLR)

woddlwoddl 2024. 5. 13. 18:46

Kernel Address Space Layout Randomization (KASLR)

Kernel Address Space Layout Randomization (KASLR) is a security feature implemented in modern operating systems, including Linux, that mitigates memory-corruption attacks by randomizing the base address at which the kernel is mapped on each boot, so that kernel code and data do not sit at predictable addresses.

Lab Activity: Demonstrating KASLR Impact

In this lab activity, we'll demonstrate the impact of KASLR by attempting to exploit a vulnerability first without and then with KASLR enabled.

Without KASLR Enabled


#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/mman.h>

#define VULN_ADDR 0xdeadbeef  // Vulnerable function address without KASLR

void vulnerable_function() {
    printf("Vulnerable function called!\n");
}

int main() {
    vulnerable_function();  // Exploiting vulnerable function
    return 0;
}

With KASLR Enabled


#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/mman.h>

#define VULN_ADDR 0xdeadbeef  // Vulnerable function address with KASLR

void vulnerable_function() {
    printf("Vulnerable function called!\n");
}

int main() {
    void *mapped_addr = mmap((void *)VULN_ADDR, 4096, PROT_READ | PROT_WRITE | PROT_EXEC, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (mapped_addr == MAP_FAILED) {
        perror("mmap failed");
        exit(EXIT_FAILURE);
    }

    vulnerable_function();  // Exploiting vulnerable function
    return 0;
}

In the second code snippet, we attempt to mmap the vulnerable function at a fixed address. However, with KASLR enabled, the address space layout is randomized, and the mmap operation may fail.
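The snippets above exercise user-space mmap; the kernel's own randomized base is visible (as root, or with kptr_restrict set to 0) in /proc/kallsyms, which is where an administrator checks that KASLR is actually in effect. The following is an added example, not code from the original post: it parses kallsyms-formatted lines (a constructed sample is embedded), computes the KASLR slide against the unrandomized x86_64 text base 0xffffffff81000000, and checks the 2 MiB alignment the x86_64 randomizer keeps. The helper names are my own, and the sample addresses are invented.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>

/* Unrandomized x86_64 kernel text base and the 2 MiB step KASLR uses there */
#define DEFAULT_TEXT_BASE 0xffffffff81000000ULL
#define KASLR_ALIGN       0x200000ULL

/* Constructed sample of /proc/kallsyms as root would see it on a KASLR boot */
static const char *sample_kallsyms =
    "ffffffffa2400000 T _stext\n"
    "ffffffffa2400000 T _text\n"
    "ffffffffa2401000 T startup_64\n"
    "ffffffffa2a3c1f0 T printk\n";

/* Returns the address listed for `sym` in kallsyms-formatted text, 0 if absent */
uint64_t kallsyms_lookup(const char *text, const char *sym) {
    const char *line = text;
    while (line && *line) {
        unsigned long long addr;
        char type, name[128];
        if (sscanf(line, "%llx %c %127s", &addr, &type, name) == 3 &&
            strcmp(name, sym) == 0)
            return addr;
        line = strchr(line, '\n');   /* advance to the next record */
        if (line) line++;
    }
    return 0;
}

/* Slide applied by KASLR: where _text landed minus the compile-time base.
 * Returns -1 if _text is missing or hidden (all zeros under kptr_restrict). */
long long kaslr_slide(const char *text) {
    uint64_t base = kallsyms_lookup(text, "_text");
    if (base == 0 || base < DEFAULT_TEXT_BASE) return -1;
    return (long long)(base - DEFAULT_TEXT_BASE);
}

/* A non-zero slide that is a multiple of 2 MiB is what a live KASLR looks like;
 * a slide of 0 means the kernel booted unrandomized (e.g. nokaslr on cmdline). */
int kaslr_looks_active(const char *text) {
    long long slide = kaslr_slide(text);
    return slide > 0 && (slide % KASLR_ALIGN) == 0;
}

int main(void) {
    printf("slide = 0x%llx, active = %d\n", kaslr_slide(sample_kallsyms),
           kaslr_looks_active(sample_kallsyms));   /* prints slide = 0x21400000, active = 1 */
    return 0;
}
```

To run it against a real machine, replace sample_kallsyms with the contents of /proc/kallsyms read as root; all-zero addresses mean the file is being read unprivileged, not that KASLR is off.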