ASLR: Randomized malloc()


Did you know that the addresses of objects allocated by
malloc() are fairly predictable?

Two types of objects are managed by malloc():

    Smaller than a page:

    malloc() maintains buckets of "chunks"
    Randomize chunk selection out of bucket
    Enabled with the 'G' option in /etc/malloc.conf (still required?)

    Equal or greater than a page:

    Rely on the randomized placement of mmap()