Pseudo-random stack pointer under Linux?

Question

I was playing around with some code when I noticed something strange:

[~] main% cat test.cc
#include <stdio.h>

void f()
{
    int i;
    fprintf(stderr, "&i = 0x%08X\n", (long)&i);
}

int main(int argc, char**argv)
{
    f();
}
[~] main% g++ test.cc
[~] main% ./a.out
&i = 0xBFA27AB4
[~] main% ./a.out
&i = 0xBFAD7E24
[~] main% ./a.out
&i = 0xBFCA3464
[~] main% ./a.out
&i = 0xBF96C064
[~] main%

The odd thing to me is the variation in the address of the variable i.

My guess is that the kernel supplies different stack start addresses to try to thwart some kind of crack. What's the real reason?

Answer 1

Address space layout randomisation is used on several operating systems for precisely this reason. Your variation in stack pointer addresses may well be caused by this - very likely to be the case on recent versions of Linux and or *BSD. IIRC recent versions of Windows do this as well.