During the development of ASLR-NG we needed to measure the real entropy of the ASLR. Peter Busser wrote the paxtest tool, which is a nice and powerful tool, but it does not provide enough statistical information about the entropy the ASLR actually provides. So we decided to develop ASLRA.
ASLRA is in beta state. We will release it as soon as we have enough time to clean up the code.
ASLRA is a statistical tool specially designed to measure all the parameters that determine the quality of an ASLR implementation. It is composed of two applications: the sampler and the analyzer.
The sampler is executed on the target system (the one to be analyzed). It launches thousands of processes to collect information about a given set of memory objects: Arguments, Stack, Heap, Exec, Libs, Hugepages, etc. The raw results are written to a file, which is processed later.
The sampler has been optimized to run as many samples as possible in parallel, which makes it possible to collect enough samples for representative results.
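As an added example (not ASLRA's own sampler, which has not been released), the following C program shows the sampling approach described above: it re-executes itself a given number of times, a bounded number of children at a time, and each child prints the addresses of a handful of memory objects as one line of hex on the shared stdout, which the caller redirects to the raw results file. The object list, the `--child` convention, the line format, the use of `/proc/self/exe` (Linux only) and the build flags are all assumptions of this example.

```c
/* Added example, not ASLRA's own sampler.
 * Build: gcc -O2 -fPIE -pie -o sampler sampler.c
 * Run:   ./sampler 5000 32 > raw.txt     (5000 processes, at most 32 at a time) */
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>
#include <sys/mman.h>

/* Memory objects sampled per process (a subset of the list on the page). */
enum { OBJ_ARGS, OBJ_STACK, OBJ_HEAP, OBJ_EXEC, OBJ_LIBS, OBJ_MMAP, OBJ_COUNT };

/* One sample: the address of each object in the current process. */
void take_sample(uintptr_t out[OBJ_COUNT], char **argv)
{
    int local;
    void *h = malloc(64);
    void *m = mmap(NULL, 4096, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    out[OBJ_ARGS]  = (uintptr_t)argv[0];      /* argv strings sit above the stack */
    out[OBJ_STACK] = (uintptr_t)&local;       /* a frame in main's call chain */
    out[OBJ_HEAP]  = (uintptr_t)h;            /* first chunk of the brk heap */
    out[OBJ_EXEC]  = (uintptr_t)&take_sample; /* text of the executable itself */
    out[OBJ_LIBS]  = (uintptr_t)&printf;      /* libc in a PIE build; a PLT stub in the exec if non-PIE */
    out[OBJ_MMAP]  = (uintptr_t)m;            /* fresh anonymous mapping */
    free(h);
    munmap(m, 4096);
}

/* Print one sample as a line of space-separated hex addresses. */
void print_sample(const uintptr_t s[OBJ_COUNT], FILE *out)
{
    for (int k = 0; k < OBJ_COUNT; k++)
        fprintf(out, "%lx%c", (unsigned long)s[k], k + 1 < OBJ_COUNT ? ' ' : '\n');
}

/* Launch `count` fresh processes, at most `parallel` at once. Each child is
 * started with fork+exec, never fork alone: a forked child inherits the
 * parent's layout and would just report the same addresses again and again.
 * Returns the number of children that did not exit cleanly. */
long run_sampler(long count, long parallel)
{
    long running = 0, failed = 0;
    int st;
    for (long i = 0; i < count; i++) {
        pid_t pid = fork();
        if (pid < 0) { perror("fork"); return -1; }
        if (pid == 0) {           /* Linux-specific: re-exec our own image */
            execl("/proc/self/exe", "sampler", "--child", (char *)NULL);
            _exit(127);
        }
        if (++running >= parallel) {
            wait(&st); running--;
            failed += !(WIFEXITED(st) && WEXITSTATUS(st) == 0);
        }
    }
    for (; running > 0; running--) {
        wait(&st);
        failed += !(WIFEXITED(st) && WEXITSTATUS(st) == 0);
    }
    return failed;
}

int main(int argc, char **argv)
{
    if (argc == 2 && strcmp(argv[1], "--child") == 0) {
        uintptr_t s[OBJ_COUNT];
        take_sample(s, argv);
        print_sample(s, stdout);  /* one buffered write at exit, into the shared raw file */
        return 0;
    }
    if (argc != 3) {
        fprintf(stderr, "usage: %s COUNT PARALLEL > raw.txt   (or %s --child)\n", argv[0], argv[0]);
        return 2;
    }
    long failed = run_sampler(atol(argv[1]), atol(argv[2]));
    if (failed) fprintf(stderr, "%ld children failed\n", failed);
    return failed ? 1 : 0;
}
```

Two details matter for the quality of the samples. First, every sample has to come from a freshly exec'd process: the kernel picks the random offsets at exec time, so a plain fork() would report the parent's layout thousands of times. Second, the binary must be built as a PIE, otherwise the Exec column never varies and `&printf` resolves to a PLT stub inside the executable rather than into libc. Hugepages, listed on the page, are not sampled here.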
The analyzer processes the raw results and produces a set of HTML pages that can be studied in a web browser. We have tried to make the interface very interactive and easy to understand.
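As an added example of the analysis side (not ASLRA's own analyzer, and printing a plain text table rather than HTML pages), the C program below reads lines in the raw format assumed above (six hex addresses per process) and reports, for each memory object, which address bits ever changed and an entropy estimate obtained by summing the Shannon entropy of each bit. The raw line format, the object list, the sample cap and the embedded demo lines are assumptions of this example; the demo lines are constructed, not real measurements.

```c
/* Added example, not ASLRA's own analyzer: reads the sampler's raw lines and
 * reports, per object, which address bits vary and a per-bit entropy estimate.
 * Build: gcc -O2 -o analyzer analyzer.c      Run: ./analyzer raw.txt */
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>

enum { OBJ_ARGS, OBJ_STACK, OBJ_HEAP, OBJ_EXEC, OBJ_LIBS, OBJ_MMAP, OBJ_COUNT };
static const char *obj_names[OBJ_COUNT] = { "Arguments", "Stack", "Heap", "Exec", "Libs", "mmap" };
#define MAX_SAMPLES 65536   /* assumed cap for this illustration */

/* Parse one raw line of OBJ_COUNT hex addresses; returns 0 on a short line. */
int parse_raw_line(const char *line, uintptr_t out[OBJ_COUNT])
{
    char *end;
    for (int k = 0; k < OBJ_COUNT; k++) {
        out[k] = strtoull(line, &end, 16);
        if (end == line) return 0;
        line = end;
    }
    return 1;
}

/* Bit positions that take more than one value across the samples. */
uintptr_t varying_bits(const uintptr_t *v, size_t n)
{
    uintptr_t mask = 0;
    for (size_t i = 1; i < n; i++) mask |= v[i] ^ v[0];
    return mask;
}

/* log2(x) for 0 < x <= 1 without libm: scale x into [0.5,1) and use
 * ln(x) = 2*atanh((x-1)/(x+1)) = 2*(y + y^3/3 + y^5/5 + ...). */
static double log2_unit(double x)
{
    int e = 0;
    while (x < 0.5) { x *= 2.0; e--; }
    double y = (x - 1.0) / (x + 1.0), term = y, sum = 0.0;
    for (int k = 1; k < 60; k += 2) { sum += term / k; term *= y * y; }
    return e + 2.0 * sum / 0.6931471805599453;
}

/* Sum over bit positions of the Shannon entropy of that bit. Bits are treated
 * as independent, so this is an upper bound on the real entropy, and a bit
 * that was only ever seen in one state contributes 0: the estimate is only as
 * good as the number of samples. */
double per_bit_entropy(const uintptr_t *v, size_t n)
{
    double total = 0.0;
    for (unsigned b = 0; n > 0 && b < 8 * sizeof(uintptr_t); b++) {
        size_t ones = 0;
        for (size_t i = 0; i < n; i++) ones += (v[i] >> b) & 1;
        double p = (double)ones / (double)n;
        if (p > 0.0 && p < 1.0)
            total += -p * log2_unit(p) - (1.0 - p) * log2_unit(1.0 - p);
    }
    return total;
}

/* Constructed raw lines (not real measurements) used when no file is given:
 * Arguments Stack Heap Exec Libs mmap, one process per line. */
static const char *demo_lines[] = {
    "7ffd1a2b3f10 7ffd1a2b3a10 55e1c3a09000 55e1c2e12000 7f3b5c0a2000 7f3b5c2f1000",
    "7ffe98c1df20 7ffe98c1da20 5647a1b0c000 5647a05f1000 7f9a1d6e3000 7f9a1d8d2000",
    "7ffc0a7b4e30 7ffc0a7b4930 560f2b8e7000 560f2a77d000 7f120e4a9000 7f120e698000",
    "7ffd6c3e2f40 7ffd6c3e2a40 558e4d1f5000 558e4c9aa000 7fb80a37c000 7fb80a56b000",
};
#define DEMO_N (sizeof demo_lines / sizeof demo_lines[0])

int main(int argc, char **argv)
{
    static uintptr_t col[OBJ_COUNT][MAX_SAMPLES];   /* one column per object */
    uintptr_t row[OBJ_COUNT];
    char line[256];
    size_t n = 0;
    FILE *f = argc > 1 ? fopen(argv[1], "r") : NULL;
    if (argc > 1 && !f) { perror(argv[1]); return 1; }
    while (n < MAX_SAMPLES) {
        const char *src = f ? fgets(line, sizeof line, f) : (n < DEMO_N ? demo_lines[n] : NULL);
        if (!src || !parse_raw_line(src, row)) break;
        for (int k = 0; k < OBJ_COUNT; k++) col[k][n] = row[k];
        n++;
    }
    printf("%-10s %8s %18s %5s %8s\n", "object", "samples", "varying mask", "bits", "H(bits)");
    for (int k = 0; k < OBJ_COUNT; k++) {
        uintptr_t mask = varying_bits(col[k], n);
        printf("%-10s %8zu %#18lx %5d %8.3f\n", obj_names[k], n, (unsigned long)mask,
               __builtin_popcountll(mask), per_bit_entropy(col[k], n));
    }
    return 0;
}
```

The varying-bit mask is the first thing to look at: it shows immediately which bits the kernel randomizes and which are fixed (page-offset bits, for instance, never move for page-aligned objects). The per-bit entropy is a cheap estimate that needs no more samples than it takes to see each bit in both states, but because it ignores correlation between bits it can only overestimate; an estimate based on the frequency of whole distinct addresses would be far more demanding, since with n samples it can never report more than log2(n) bits.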
ASLRA calculates the following parameters:
We are working on the co-entropy between objects. It is a mathematical challenge because of the huge range of the distributions on 64-bit systems, which makes it hard to estimate the conditional entropy when the number of samples is small (just a few million out of 2^47).
Also, documentation is still pending.
We also plan to port the sampler to OS X.
The following patch fixes the issue (which is also present in 0.9.14):
diff -rupN paxtest-0.9.13/getmain.c paxtest-0.9.13.fixed/getmain.c --- paxtest-0.9.13/getmain.c 2015-03-06 11:03:25.218686546 +0100 +++ paxtest-0.9.13.fixed/getmain.c 2015-03-06 11:16:41.614669807 +0100 @@ -7,10 +7,9 @@ #include #include -void foo(void) +void __attribute__ ((noinline)) foo(void) { printf( "%p\n", __builtin_return_address(0) ); - } int main( int argc, char *argv[] )
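Review bot: the hunk adds `__attribute__ ((noinline))` to foo() without a comment saying why, so a later cleanup could drop it; add one above the function, e.g. `/* must stay a real call: __builtin_return_address(0) has to point into main */`, since an inlined foo() would make that builtin report main's own return address instead. Two smaller points: the `#include` context lines as shown here have lost their header names, so this text will not apply with patch(1) and should be regenerated against the original getmain.c before it is published; and the removed blank line inside foo() is an unrelated whitespace change that is better left out of a one-line fix.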