I just printed function addresses and the offset between two functions, but the offset is fixed whenever the program is executed (only the base address changes).

Code (test.c)

#include <stdio.h>
#include <stdint.h>
#include <inttypes.h>

void func() { printf("func!\n"); }

void func2() { printf("func2!\n"); }

int main() {
    /* cast explicitly: storing a function pointer in an integer without a cast is invalid C */
    uintptr_t main_addr = (uintptr_t)main;
    uintptr_t func_addr = (uintptr_t)func;
    uintptr_t func2_addr = (uintptr_t)func2;

    /* PRIxPTR / PRIdPTR match uintptr_t; %p expects a void *, %ld a long */
    printf("main_addr: %#" PRIxPTR "\n", main_addr);
    printf("func_addr: %#" PRIxPTR "\n", func_addr);
    printf("func2_addr: %#" PRIxPTR "\n", func2_addr);
    printf("offset (main - func): %" PRIdPTR "\n", (intptr_t)(main_addr - func_addr));
    printf("offset (main - func2): %" PRIdPTR "\n", (intptr_t)(main_addr - func2_addr));

    return 0;
}

Compile

gcc test.c

Result

(1st execution)
main_addr: 0x5578d1296190
func_addr: 0x5578d129616a
func2_addr: 0x5578d129617d
offset (main - func): 38
offset (main - func2): 19

(2nd execution)
main_addr: 0x55bf299d9190
func_addr: 0x55bf299d916a
func2_addr: 0x55bf299d917d
offset (main - func): 38
offset (main - func2): 19

(3rd execution)
main_addr: 0x55ba4767d190
func_addr: 0x55ba4767d16a
func2_addr: 0x55ba4767d17d
offset (main - func): 38
offset (main - func2): 19

My kernel version is 5.4 (i.e., Ubuntu 18.04).

So, my questions are:

  1. Is this expected behavior (fixed offset) in Ubuntu 18.04?
  2. How can I make a situation that randomizes not only the base address, but also the offset?

Thank you

user257164

1 Answer

ASLR is about randomizing the layout of dynamically-linked libraries used by your code, not about randomizing within your program. The goal is to prevent an attacker from being able to simply hard-code the location of something like exec into a remote-execution exploit.

To illustrate, two different copies of bash from my computer have libc at different addresses according to /proc/[pid]/maps:

7fd647904000-7fd647a47000 r-xp 00022000 00:12 12970738 /lib64/libc-2.32.so
7f2b574cd000-7f2b57610000 r-xp 00022000 00:12 12970738 /lib64/libc-2.32.so

Instead of looking at addresses within your code, try checking the address of a library function, such as printf.

Mark
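As an added illustration of the answer's suggestion (this program is written for this page and is not the question's or answer's own code): it prints the intra-binary offset next to the offset from main to a libc address, and looks both addresses up in /proc/self/maps to show which file backs each one. It assumes Linux with a dynamically linked PIE build (plain `gcc test.c`), and uses `stdout`, a pointer into libc's data, as the libc address so that PLT stubs and copy relocations do not get in the way.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Find the /proc/self/maps entry covering addr and copy its backing path
 * (empty for anonymous mappings) into path. Returns 1 if found, else 0. */
static int mapping_of(uintptr_t addr, char *path, size_t pathlen)
{
    FILE *maps = fopen("/proc/self/maps", "r");
    char line[512];
    int found = 0;
    if (!maps) return 0;
    while (fgets(line, sizeof line, maps)) {
        uintptr_t lo, hi;
        int n = 0;
        /* each line reads: start-end perms offset dev inode [path] */
        if (sscanf(line, "%" SCNxPTR "-%" SCNxPTR " %*s %*s %*s %*s%n", &lo, &hi, &n) < 2) continue;
        if (addr < lo || addr >= hi) continue;
        const char *p = line + n;
        while (*p == ' ') p++;
        size_t len = strcspn(p, "\n");
        if (len >= pathlen) len = pathlen - 1;
        memcpy(path, p, len);
        path[len] = '\0';
        found = 1;
        break;
    }
    fclose(maps);
    return found;
}
/* 1 if both addresses are backed by the same file (same ELF object), 0 if not, -1 if unknown */
int same_object(uintptr_t a, uintptr_t b)
{
    char pa[256], pb[256];
    if (!mapping_of(a, pa, sizeof pa) || !mapping_of(b, pb, sizeof pb)) return -1;
    return strcmp(pa, pb) == 0;
}
void func(void)  { puts("func!"); }
void func2(void) { puts("func2!"); }
int main(void)
{
    /* stdout is a constructed choice of libc address: it points at libc's own FILE object */
    uintptr_t m = (uintptr_t)main, f = (uintptr_t)func, l = (uintptr_t)stdout;
    /* fixed across runs: both symbols move together with the PIE base */
    printf("main - func = %" PRIdPTR " (same object: %d)\n", (intptr_t)(m - f), same_object(m, f));
    /* varies across runs: libc sits in a separately randomized mapping */
    printf("main - libc = %" PRIdPTR " (same object: %d)\n", (intptr_t)(m - l), same_object(m, l));
    return 0;
}
```

Run it a few times: the first offset and "same object: 1" stay constant, while the second offset changes with every execution because the executable and libc are randomized independently.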