In July 1998, Solar Designer published a Linux kernel patch to make the stack non-executable. It also changed the default address that shared libraries are mmap'ed at so that it always contains a zero byte. While this is not ASLR, it is about changing memory offsets to change security properties, so it's not entirely off-topic here.
The term ASLR (Address Space Layout Randomisation) was coined in July 2001 by pipacs. Its original design covered:
- binaries, via RANDEXEC, August 2001
- files and anonymous mappings (binary and libraries) as well as mmap(), via RANDMMAP, August 2001.
brk randomization was added in July 2003.
Add a possibility to add a random offset to the stack on exec. This makes it slightly harder to write generic buffer overflows. This doesn’t really give any real security, but it raises the bar for script-kiddies and it’s really cheap.
The feature was enabled by default in February 2002.
In March 2003, RANDMMAP was ported to alpha, sparc, sparc64, and parisc.
Randomized mmap and libraries landed in OpenBSD 3.4 in November 2003.
It’s interesting to note that in KASLR: An Exercise in Cargo Cult Security, pipacs said, in 2013:
ASLR was always meant to be a temporary measure and its survival for this long speaks much less to its usefulness than our inability to get our collective acts together and develop/deploy actual defenses against the remaining exploit techniques.
He also said, in 2011:
for ASLR, it’s really obscurity that we use because its cost/benefit ratio is very low due to its low cost, not due to its high benefit ;). in other words, when it works, we got it for free basically, when it doesn’t, nothing is lost that wasn’t lost already.
In February 2019, spender said:
Because the history of ASLR didn’t magically start in 2005 and browser developers ignored its threat model (or did not care, ‘it raises the bar’ etc) – it’s not useful when you effectively provide an arbitrary computation environment with the ability to influence memory layout
OpenBSD’s claim of being the “first widely used operating system to provide ASLR by default” is a bit dubious, as it’s unclear whether they had/have more users than Gentoo Hardened or Adamantix. It’s also interesting to note that OpenBSD doesn’t actually have ASLR but ASR, as highlighted by Shawn Webb. The difference is that the different sections are mapped at a random address, but with a constant delta between them, which makes it prone to, amongst others, attacks like offset2lib. But ASR is still way better than the per-boot ASLR of OS X and iOS, Windows and Android.
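As an added illustration (not part of the original post) of why the constant delta matters, the toy model below slides a made-up three-region layout either with one shared random offset (the ASR case) or with an independent offset per region (ASLR), then measures how often a single leaked executable address is enough to compute where libc ended up. The region names, base addresses, page size and 28-bit slide are all constructed for the example and model no real operating system.

```python
import random

PAGE = 0x1000
# Constructed "link-time" layout (region name -> unslid base); not a real OS layout.
STATIC_LAYOUT = {"exe": 0x400000, "libc": 0x7f0000000000, "stack": 0x7ffd0000}

def layout_asr(rng, bits=28):
    """ASR: one random, page-aligned slide is added to every region, so the
    distance between any two regions is the same in every run."""
    slide = rng.getrandbits(bits) * PAGE
    return {name: base + slide for name, base in STATIC_LAYOUT.items()}

def layout_aslr(rng, bits=28):
    """ASLR: each region gets its own independent page-aligned slide."""
    return {name: base + rng.getrandbits(bits) * PAGE
            for name, base in STATIC_LAYOUT.items()}

def predict_from_leak(leaked_name, leaked_addr, target_name):
    """The offset2lib-style inference: assume the static distance between two
    regions survived randomisation and add it to a leaked address."""
    return leaked_addr + STATIC_LAYOUT[target_name] - STATIC_LAYOUT[leaked_name]

def delta_is_constant(layout_fn, seed=5, runs=50):
    """True if libc - exe is identical across `runs` independent layouts."""
    rng = random.Random(seed)
    deltas = set()
    for _ in range(runs):
        lay = layout_fn(rng)
        deltas.add(lay["libc"] - lay["exe"])
    return len(deltas) == 1

def leak_success_rate(layout_fn, trials=1000, seed=1):
    """Fraction of runs in which one leaked exe address pins down libc exactly."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        real = layout_fn(rng)
        hits += predict_from_leak("exe", real["exe"], "libc") == real["libc"]
    return hits / trials

if __name__ == "__main__":
    print("ASR  leak->libc success:", leak_success_rate(layout_asr))   # 1.0: shared slide cancels
    print("ASLR leak->libc success:", leak_success_rate(layout_aslr))  # ~0: independent slides
```

The ASR case is why a single info-leak of any region defeats the whole layout, while the independent-slide case forces a separate leak per region, which is the "better leaks" point made further down.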
As a side note, OpenBSD’s kernel stack isn’t randomized.
OpenBSD randomizing everything is neat, and forces attackers to find/create better leaks. But nowadays, all the modern operating systems have those kinds of mitigations, and are now focusing on killing bugs that are exploitable when an attacker has some reading capabilities.