Where does the stack of each program begin in memory?

I understand that there is randomize address space option which will randomly choose an address. If the option is disabled, does each program start from the same address?

What if we open two terminals and run two programs concurrently; will the system use same beginning address for the stacks of the two programs (by overwriting the the previous program's stack and loading the current program's stack in the same location during context switch)?

What if I run a program by calling an exec()-family function like in the following example; will there be different stack for this program and a different stack for "vulnerable" program? Or there will just be a different stack frame for vulnerable on top of the calling program's stack?

int main(int argc, char *argv[]) {
  char *buff, *ptr;
  int i;
  bsize  = atoi(argv[1]);

  if (!(buff = malloc(bsize))) {
    printf("Can't allocate memory.\n");
  for (i = 0; i < bsize; i+=4)
    buff[i] = '0';

  execl("/home/amulya/Desktop/CMPE209/HWs/HW2/vulnerable","vulnerable", buff, NULL);
+2  A: 

The answer really depends on the OS and arch you are using. It appears you are using a *nix variant, and odds are that means Linux.

For Linux, before randomization became standard, the default was just short of where kernel space began. On my x86 system, the region used for stack is (with ASLR disabled) by default: bffea000 - c0000000

NOTE: the value I provided is not necessarily accurate for all systems, but that's what it is for my system.

On modern Linux systems the stack will be at a fairly random address. You can verify this by running this several times in a row:

cat /proc/self/maps | grep "\[stack\]"

If the option is disabled, I would expect all programs stacks to default to the same location (the end of user space).

Running a program with exec replaces your address space with the new program's; this will include the stack, so it'll end up in the same location as any other program run. Think about it: your shell program has to do a fork/exec to run the program just the same as your program will does...

Evan Teran
Thanks for the reply. I ran some experiments today and found out that the vulnerable program's stack is built on top(at a lower address i.e assuming top is towards lower addresses) of the calling program's stack. I say this because the memory address allocated for a variable in vulnerable(vulnerable has only one variable so there is no chance that its frame could be bigger than the calling program's frame) is on a lower address than the calling program's esp.
+5  A: 

You need to learn about Virtual Memory. Yes, it's likely that if an OS does not have Address Space Layout Randomization (ASLR) that all programs will have their stack at the same VIRTUAL address. but that doesn't mean the OS has to move the previous program's stack just to context switch to another program, because via virtual memory it just needs to make sure the two programs have the same base VIRTUAL address, but each virtual address can have a different PHYSICAL location. (this is whole paragraph is entirely dependent on the OS),

As to your second question, execve replaces the current running program with the program to be executed, this includes replacing the current text/data segments as well as the stack, so the program executed will not see the previous program's stack.