Contributed by phessler on 2016-04-25 from the dont cry over spilled registers dept.

Theo (deraadt@) writes in to the tech@ mailing list with a clever idea that we would like to try.

This change randomizes the order of symbols in libc.so at boot time.

This is done by saving all the independent .so sub-files into an ar archive, and then relinking them into a new libc.so in random order, at each boot. The cost is less than a second on the systems I am using.

For now, this is only done for libc, because it is generally the most gadget heavy library; spilled registers are more likely to point within the libc segment; and also the gadgets are close to system call stubs. As a result of the change, gadgets are no longer found at fixed offsets from spilled registers.

More details are available on tech@. Please check the thread for any replies or updates.