SQ18111
Detected Linux executable files that do not implement the ASLR vulnerability mitigation protection.
priority | CI/CD status | severity | effort | RL level | RL assessment |
---|---|---|---|---|---|
pass | high | low | None | hardening: warning Reason: baseline mitigations missing |
About the issueโ
ASLR (address-space layout randomization) is a mitigation technique that increases the difficulty of performing buffer-overflow attacks that require the attacker to know the address of the program in memory. This is done by loading the program at a randomly selected address in the process' address space. ASLR-enabled kernels can choose a random load address only for position-independent executables and code.
How to resolve the issueโ
- To support ASLR, the program must be compiled as position-independent code. In most compilers, this is done by passing the corresponding position-independent flag, such as -fPIC for shared libraries or -fPIE for executables.
Incidence statisticsโ
ReversingLabs periodically collects and analyzes the contents of popular software package repositories for threat research purposes.
For every repository, the chart shows the percentage of projects that triggered the software assurance policy. In other words, it shows how many projects were found to have the specific issue described on this page.
The percentages are calculated from the total amount of packages analyzed:
- RubyGems: 174K
- Nuget: 189K
- PyPi: 403K
- NPM: 2.1M
Recommended readingโ
- Address space layout randomization (External resource - IBM)