43

I'm trying to debug a binary that uses a lot of pointers. Sometimes for seeing output quickly to figure out errors, I print out the address of objects and their corresponding values, however, the object addresses are randomized and this defeats the purpose of this quick check up. Is there a way to disable this temporarily/permanently so that I get the same values every time I run the program?

Oops. OS is Linux fsttcs1 2.6.32-28-generic #55-Ubuntu SMP Mon Jan 10 23:42:43 UTC 2011 x86_64 GNU/Linux

1

3 Answers

52
+50

On Ubuntu, it can be disabled with...

echo 0 > /proc/sys/kernel/randomize_va_space

On Windows, this post might be of some help...

http://blog.didierstevens.com/2007/11/20/quickpost-another-funny-vista-trick-with-aslr/

1
  • 2
    Thanks. This was a life saver debugging an application so I gave you an extra 50.
    – hsanders
    Commented Jul 16, 2012 at 19:11
45
+50

To temporarily disable ASLR for a particular program you can always issue the following (no need for sudo):

setarch `uname -m` -R ./yourProgram
3
  • 2
    I found that setarch finds the output of uname -m disagreeable on ARM systems (e.g. Raspberry Pi). But setarch linux32 -R ./yourProgram works great.
    – Ben Voigt
    Commented Apr 22, 2013 at 15:28
  • 12
    A nice variant is setarch `uname -m` -R $SHELL. That spawns a shell with ASLR disabled, and any command you run from that shell will also have ASLR disabled.
    – ntc2
    Commented Dec 5, 2013 at 2:24
  • Oh nice! I like that a lot!
    – Stephen
    Commented Dec 13, 2013 at 18:18
10

You can also do this programmatically from C source before a UNIX exec.

If you take a look at the sources for setarch (here's one source):

http://code.metager.de/source/xref/linux/utils/util-linux/sys-utils/setarch.c

You can see it boils down to a system call (syscall) or a function call (depending on what your system defines). From setarch.c:

#ifndef HAVE_PERSONALITY
# include <syscall.h>
# define personality(pers) ((long)syscall(SYS_personality, pers))
#endif

On my CentOS 6 64-bit system, it looks like it uses a function (which probably calls the self-same syscall above). Take a look at this snippet from the include file in /usr/include/sys/personality.h (as referenced as <sys/personality.h> in the setarch source code):

/* Set different ABIs (personalities).  */
extern int personality (unsigned long int __persona) __THROW;

What it boils down to, is that you can, from C code, call and set the personality to use ADDR_NO_RANDOMIZE and then exec (just like setarch does).

#include <sys/personality.h>   // personality(), ADDR_NO_RANDOMIZE
#include <unistd.h>            // execvp()

// Fall back to the raw syscall when libc provides no personality() wrapper
#ifndef HAVE_PERSONALITY
# include <syscall.h>
# define personality(pers) ((long)syscall(SYS_personality, pers))
#endif

...

void mycode(char **argv)
{
   // If requested, turn off the address rand feature right before execing
   if (MyGlobalVar_Turn_Address_Randomization_Off) {
     personality(ADDR_NO_RANDOMIZE);
   }
   execvp(argv[0], argv); // ... from set-arch.
}

It's pretty obvious you can't turn address randomization off in the process you are in (grin: unless maybe dynamic loading), so this only affects forks and execs later. I believe the Address Randomization flags are inherited by child sub-processes?

Anyway, that's how you can programmatically turn off the address randomization in C source code. This may be your only solution if you don't want to force a user to intervene manually and start-up with setarch or one of the other solutions listed earlier.

Before you complain about security issues in turning this off, some shared memory libraries/tools (such as PickingTools shared memory and some IBM databases) need to be able to turn off randomization of memory addresses.
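
The personality-then-exec approach from the answer above, as an added example that is not part of the original answer and is not setarch's code: a small launcher that ORs ADDR_NO_RANDOMIZE into the current persona instead of overwriting it, confirms the flag was accepted, and only then execs the target. The function names aslr_disabled and disable_aslr_for_exec are hypothetical, and a glibc system with <sys/personality.h> is assumed.

```c
/* Added example: launcher that disables ASLR for one program, then execs it. */
#include <stdio.h>
#include <sys/personality.h>
#include <unistd.h>

/* 1 if ADDR_NO_RANDOMIZE is set for this process, 0 if not, -1 on error.
 * personality(0xffffffff) only queries the persona; it changes nothing. */
int aslr_disabled(void)
{
    int cur = personality(0xffffffff);
    if (cur == -1)
        return -1;
    return (cur & ADDR_NO_RANDOMIZE) ? 1 : 0;
}

/* OR the flag into the current persona so its other bits survive, then
 * re-read to confirm it stuck. Returns 0 on success, -1 on failure (the
 * call can be refused, for example by a seccomp filter). */
int disable_aslr_for_exec(void)
{
    int cur = personality(0xffffffff);
    if (cur == -1)
        return -1;
    if (personality((unsigned long)cur | ADDR_NO_RANDOMIZE) == -1)
        return -1;
    return aslr_disabled() == 1 ? 0 : -1;
}

int main(int argc, char **argv)
{
    if (argc < 2) {
        fprintf(stderr, "usage: %s program [args...]\n", argv[0]);
        return 2;
    }
    if (disable_aslr_for_exec() != 0) {
        fprintf(stderr, "%s: could not set ADDR_NO_RANDOMIZE\n", argv[0]);
        return 1;
    }
    execvp(argv[1], &argv[1]);   /* the persona carries across exec */
    perror("execvp");            /* reached only if exec failed */
    return 127;
}
```

The flag is inherited across fork and exec, but the kernel clears it when a set-user-ID or set-group-ID binary is executed, so this only stabilizes addresses for programs running with your own privileges.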
