The HardenedBSD project started due to the complexity involved in implementing ASLR. I recently joined the HardenedBSD development team, implementing PTrace hardening, arc4random enhancements, getentropy() support, and other userland hardening features. In this article, I'd like to detail ASLR. Let's start with this simple piece of sample C++ code (compiled with -fPIE -pie): Listing 1.

Executing this sample application multiple times when ASLR is enabled produces this output:

address of da 0x9c2406058
address of da 0x8b8806058
address of da 0x9d7806058

Since the memory layout of the application is randomized, an attacker has a hard time determining where in memory a given vulnerable function or data object resides on any particular run. Via procstat, you can also see the start address of the binary in question, for example:
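A defender-side check that follows from the output above is to measure how much of the address actually changes between runs, since ASLR is only as good as the number of bits it randomizes. The following C program is an added example written for this article and is not HardenedBSD code or the Listing 1 program; it parses the three output lines quoted above (embedded here as constructed sample input), ORs together the differences between runs to find which bit positions varied, and counts them. The `parse_address_line`, `varying_bits_mask` and `analyse_sample` function names are the example's own.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample: the three lines the article shows after running the
 * PIE binary three times. In practice these come from a loop over ./a.out. */
static const char *const sample_runs[] = {
    "address of da 0x9c2406058",
    "address of da 0x8b8806058",
    "address of da 0x9d7806058",
};
#define SAMPLE_COUNT (sizeof sample_runs / sizeof sample_runs[0])

/* Extract the hexadecimal address from a line such as "address of da 0x...".
 * Returns 0 on parse failure; 0 is never a valid mapped address here. */
uint64_t parse_address_line(const char *line)
{
    const char *p = strstr(line, "0x");
    if (p == NULL)
        return 0;
    char *end;
    unsigned long long v = strtoull(p, &end, 16);
    if (end - p < 3) /* "0x" not followed by at least one hex digit */
        return 0;
    return (uint64_t)v;
}

/* OR together the XOR of every address with the first one: a set bit in the
 * result is a bit position that changed in at least one run. */
uint64_t varying_bits_mask(const uint64_t *addrs, size_t n)
{
    uint64_t mask = 0;
    for (size_t i = 1; i < n; i++)
        mask |= addrs[i] ^ addrs[0];
    return mask;
}

/* Count set bits: with enough runs this approaches the number of bits of
 * entropy the randomisation provides for this mapping. */
unsigned popcount64(uint64_t x)
{
    unsigned c = 0;
    for (; x; x &= x - 1)
        c++;
    return c;
}

/* Run the analysis over the constructed sample. Returns the varying-bit
 * mask and, if bits is non-NULL, writes the number of set bits through it. */
uint64_t analyse_sample(unsigned *bits)
{
    uint64_t addrs[SAMPLE_COUNT];
    for (size_t i = 0; i < SAMPLE_COUNT; i++)
        addrs[i] = parse_address_line(sample_runs[i]);
    uint64_t mask = varying_bits_mask(addrs, SAMPLE_COUNT);
    if (bits != NULL)
        *bits = popcount64(mask);
    return mask;
}

int main(void)
{
    unsigned bits = 0;
    uint64_t mask = analyse_sample(&bits);
    printf("varying bit mask: 0x%llx (%u bits changed across %zu runs)\n",
           (unsigned long long)mask, bits, SAMPLE_COUNT);
    /* The low 12 bits (the offset within a 4 KiB page) stay constant:
     * ASLR relocates whole pages, so a changing page offset would be a bug. */
    printf("page offset constant: %s\n", (mask & 0xfff) == 0 ? "yes" : "no");
    return 0;
}
```

Three runs give only a lower bound; the mask can only grow as more samples are added, so feed it a few hundred runs when checking a real system, and compare the data-segment result with the same measurement for a stack and a heap address, since each mapping is randomized separately.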