webbhorn

Why aren't glibc's function addresses randomized when ASLR is enabled?

In trying to understand ASLR, I built this simple program:

    #include <stdio.h>
    #include <stdlib.h>

    int main() {
        printf("%p\n", &system);
        return 0;
    }

ASLR seems to be enabled:

    $ cat /proc/sys/kernel/randomize_va_space
    2

and I used GCC to compile the program:

    $ gcc aslrtest.c

Every time I run this program, it prints the same address (0x400450).

I would expect this program to print a different address each time if glibc is loaded at a random address. This is surprising to me, especially given that preventing return-to-libc attacks is supposed to be a primary motivation for ASLR (in particular the system() call).

Am I wrong in expecting that the address of system() should be randomized? Or is there likely something wrong with my configuration?
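A diagnostic for this kind of experiment, as an added example that is not part of the original post: it looks up which mapped object in `/proc/self/maps` contains the address that `&system` evaluates to, so the printed value can be attributed to the executable or to libc. The helper `find_mapping` and the `SAMPLE_MAPS` text (ranges and paths) are constructed for illustration.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample in /proc/<pid>/maps format; ranges and paths are invented. */
static const char SAMPLE_MAPS[] =
    "00400000-00401000 r-xp 00000000 08:01 1311 /home/user/a.out\n"
    "00600000-00601000 rw-p 00000000 08:01 1311 /home/user/a.out\n"
    "7f3a1c000000-7f3a1c1bb000 r-xp 00000000 08:01 2222 /lib/x86_64-linux-gnu/libc.so.6\n"
    "7f3a1c5e0000-7f3a1c5e3000 rw-p 00000000 00:00 0\n";

/* Scan maps-format text for the range [start,end) containing addr and copy
   its backing path (or "[anon]") into out. Returns 1 if found, else 0. */
int find_mapping(const char *maps, uint64_t addr, char *out, size_t outlen)
{
    while (*maps) {
        char line[512], path[256] = "[anon]";
        uint64_t start, end;
        size_t len = strcspn(maps, "\n");            /* length of this line */
        size_t n = len < sizeof line - 1 ? len : sizeof line - 1;
        memcpy(line, maps, n);
        line[n] = '\0';
        /* Fields: range perms offset dev inode [path]; path may be absent. */
        if (sscanf(line, "%" SCNx64 "-%" SCNx64 " %*s %*s %*s %*s %255[^\n]",
                   &start, &end, path) >= 2 && addr >= start && addr < end) {
            snprintf(out, outlen, "%s", path);
            return 1;
        }
        maps += len + (maps[len] == '\n');           /* advance to next line */
    }
    return 0;
}

int main(void)
{
    static char buf[1 << 16];
    char where[256] = "(no mapping found)";
    const char *maps = SAMPLE_MAPS;   /* fallback when /proc is unavailable */
    FILE *f = fopen("/proc/self/maps", "r");
    if (f) {
        buf[fread(buf, 1, sizeof buf - 1, f)] = '\0';
        fclose(f);
        maps = buf;
    }
    uint64_t addr = (uint64_t)(uintptr_t)&system;
    find_mapping(maps, addr, where, sizeof where);
    printf("&system = 0x%" PRIx64 " lies in %s\n", addr, where);
    return 0;
}
```

Running it several times and comparing both the address and the reported mapping shows whether the value being printed belongs to a region that moves between runs.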