Disable and re-enable address space layout randomization only for myself

linux bash aslr virtual-address-space sysctl
20,692

Solution 1

The documentation for the randomize_va_space sysctl setting is in Documentation/sysctl/kernel.txt in the kernel source tree. Basically,

0 - Turn the process address space randomization off.

1 - Make the addresses of mmap base, stack and VDSO page randomized.

2 - Additionally enable heap randomization.

Solution 2

The best way to disable locally the ASLR on a Linux-based system is to use processes personality flags. The command to manipulate personality flags is setarch with

-R, --addr-no-randomize

Disables randomization of the virtual address space (turns on ADDR_NO_RANDOMIZE).

Here is how to proceed:

$> setarch $(uname -m) -R /bin/bash

This command runs a shell in which the ASLR has been disabled. All descendants of this process will inherit of the personality flags of the father and thus have a disabled ASLR. The only way to break the inheritance of the flags would be to call a setuid program (it would be a security breach to support such feature).

Note that the uname -m is here to not hard-code the architecture of your platform and make this command portable.

Share:
20,692

Related videos on Youtube

Amittai Aviram
Author by

Amittai Aviram

Software Engineer.

Updated on July 09, 2022

Comments

  • Amittai Aviram
    Amittai Aviram almost 2 years

    I would like to disable address space layout randomization (ASLR) on my system (Ubuntu Gnu/Linux 2.6.32-41-server), but, if I use

    sysctl -w kernel.randomize_va_space=0

    the change would affect all users on the system, I presume. (Is this true?) How can I limit the effects of disabling ASLR to myself as a user only, or only to the shell session in which I invoke the command to disable?

    BTW, I see that my system's current (default) setting is

    kernel.randomize_va_space = 2

    Why 2 and not 1 or 3? Where can I find documentation about the numerical values of /proc/sys settings, their ranges, and their meanings? Thanks!

  • Amittai Aviram
    Amittai Aviram almost 12 years
    Thanks! That does address my second ("BTW") question above, but I still don't see a way to restrict the effect of sysctl to a single account or shell session. I guess it must be impossible. :-/
  • newpxsn
    newpxsn almost 12 years
    Yes, the setting is global. A quick grep shows that there is some (maybe vestigial) code in the "personality" code (handling multiple ABIs) that can do the converse. Setting ADDR_NO_RANDOMIZE flag on the personality field of a task_struct will disable the behavior even when it is globally enabled. But that's probably more kernel voodoo than you want to deal with.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Error: Unknown argument --licenses flutter doctor --android-licenses
Where to execute bash command in visual studio?
/etc/shadow on Mac
Why does my remote process still run after killing an ssh session?
why is this simple FOR LOOP in my Linux bash not working?
What means the -z value in an if expression on a Linux script?
Pass all elements in existing array to xargs
Hiding GitHub token in .gitconfig
BASH: can grep on command line, but not in script
Rename multiple files in bash