
Interesting. Out of curiosity, is there any correlation between programming paradigms and the predictability of low-level details? I would imagine that a “boring” C program with one big chunk of mutable state would be predictable in this sense. What about programs developed in functional languages with immutable data structures?


> I would imagine that a “boring” C program with one big chunk of mutable state would be predictable in this sense.

It likely wouldn't. ASLR will choose a random load address for the module (.so or .exe), which means that main() wouldn't be at a predetermined address. The heap and stack would similarly have arbitrary offsets. Furthermore, any other modules that get loaded would be at arbitrary addresses. Ultimately, even "hello world" should become extremely randomized, provided ASLR is enabled for the process.

ASLR prevents attacks arising due to known addresses in virtual memory because they are otherwise reliably predictable (just run the program, attach a debugger, and find the addresses that you care about).
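
Added example (not part of any comment in this thread): one way to check that the module, heap and stack bases described above really change per run is to diff two `/proc/<pid>/maps` snapshots of the same program. The snapshots, the `/usr/bin/demo` path and the function names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed /proc/<pid>/maps excerpts from two runs of a hypothetical
 * PIE binary /usr/bin/demo (sample data, not captured from a real system). */
static const char RUN_A[] =
    "55d0c1a00000-55d0c1a01000 r-xp 00000000 08:01 1234 /usr/bin/demo\n"
    "55d0c2f3b000-55d0c2f5c000 rw-p 00000000 00:00 0 [heap]\n"
    "7f3a1c000000-7f3a1c1c0000 r-xp 00000000 08:01 5678 /usr/lib/libc.so.6\n"
    "7f3a1c400000-7f3a1c402000 rw-p 00000000 00:00 0 \n"
    "7ffd4b2e0000-7ffd4b301000 rw-p 00000000 00:00 0 [stack]\n";
static const char RUN_B[] =
    "5612e7c00000-5612e7c01000 r-xp 00000000 08:01 1234 /usr/bin/demo\n"
    "5612e93aa000-5612e93cb000 rw-p 00000000 00:00 0 [heap]\n"
    "7fb920000000-7fb9201c0000 r-xp 00000000 08:01 5678 /usr/lib/libc.so.6\n"
    "7fffc91d0000-7fffc91f1000 rw-p 00000000 00:00 0 [stack]\n";

/* Start address of the first mapping whose pathname equals `name`, 0 if none.
 * Line format: start-end perms offset dev inode [pathname] */
unsigned long long region_base(const char *maps, const char *name)
{
    while (*maps) {
        char line[512], path[256] = "";
        unsigned long long start = 0;
        size_t len = strcspn(maps, "\n");
        /* Parse one line at a time so an anonymous mapping (no pathname)
         * cannot swallow the following line as its path. */
        snprintf(line, sizeof line, "%.*s", (int)len, maps);
        if (sscanf(line, "%llx-%*llx %*s %*s %*s %*s %255[^\n]", &start, path) >= 1
            && strcmp(path, name) == 0)
            return start;
        maps += len + (maps[len] == '\n');
    }
    return 0;
}

/* 1 if the region's base differs between runs, 0 if identical, -1 if missing. */
int region_moved(const char *a, const char *b, const char *name)
{
    unsigned long long ba = region_base(a, name), bb = region_base(b, name);
    if (!ba || !bb) return -1;
    return ba != bb;
}

int main(void)
{
    const char *names[] = { "/usr/bin/demo", "[heap]", "/usr/lib/libc.so.6", "[stack]" };
    for (size_t i = 0; i < sizeof names / sizeof *names; i++)
        printf("%-20s moved=%d\n", names[i], region_moved(RUN_A, RUN_B, names[i]));
}
```

A region that reports `moved=0` across real runs of the same binary is one whose address stays predictable, which is the condition worth flagging when auditing a build or host configuration.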


I think the idea is that (ideally) these low level details are unpredictable even for a boring C program. I.e., when the C program calls malloc, it doesn't actually need to know what the exact format of the heap is. And if every running system has a slightly different format of heap and stack, that makes it harder to write exploits which will work across all of that variation. Can't smash the stack if you don't know how it's formatted.



