41

I'm trying to debug a binary that uses a lot of pointers. Sometimes, to see output quickly and figure out errors, I print out the addresses of objects and their corresponding values. However, the object addresses are randomized, and this defeats the purpose of this quick check-up. Is there a way to disable this temporarily/permanently so that I get the same values every time I run the program?

Oops. OS is Linux fsttcs1 2.6.32-28-generic #55-Ubuntu SMP Mon Jan 10 23:42:43 UTC 2011 x86_64 GNU/Linux

Ciro Santilli OurBigBook.com
0fnt

3 Answers

49

On Ubuntu, it can be disabled with...

echo 0 > /proc/sys/kernel/randomize_va_space

On Windows, this post might be of some help...

http://blog.didierstevens.com/2007/11/20/quickpost-another-funny-vista-trick-with-aslr/

Brandon Frohbieter
44

To temporarily disable ASLR for a particular program you can always issue the following (no need for sudo)

setarch `uname -m` -R ./yourProgram
Stephen
  • 2
    I found that `setarch` finds the output of `uname -m` disagreeable on ARM systems (e.g. Raspberry Pi). But `setarch linux32 -R ./yourProgram` works great. – Ben Voigt Apr 22 '13 at 15:28
  • 12
    A nice variant is `setarch \`uname -m\` -R $SHELL`. That spawns a shell with ASLR disabled, and any command you run from that shell will also have ASLR disabled. – ntc2 Dec 05 '13 at 02:24
  • Oh nice! I like that a lot! – Stephen Dec 13 '13 at 18:18
10

You can also do this programmatically from C source before a UNIX exec.

If you take a look at the sources for setarch (here's one source):

http://code.metager.de/source/xref/linux/utils/util-linux/sys-utils/setarch.c

You can see it boils down to a system call (syscall) or a function call (depending on what your system defines). From setarch.c:

#ifndef HAVE_PERSONALITY
# include <syscall.h>
# define personality(pers) ((long)syscall(SYS_personality, pers))
#endif

On my CentOS 6 64-bit system, it looks like it uses a function (which probably calls the self-same syscall above). Take a look at this snippet from the include file in /usr/include/sys/personality.h (as referenced as <sys/personality.h> in the setarch source code):

/* Set different ABIs (personalities).  */
extern int personality (unsigned long int __persona) __THROW;

What it boils down to, is that you can, from C code, call and set the personality to use ADDR_NO_RANDOMIZE and then exec (just like setarch does).

#include <sys/personality.h>
#include <unistd.h>   // execvp

#ifndef HAVE_PERSONALITY
# include <syscall.h>
# define personality(pers) ((long)syscall(SYS_personality, pers))
#endif

...

void mycode(char *argv[])
{
   // If requested, turn off the address rand feature right before execing
   if (MyGlobalVar_Turn_Address_Randomization_Off) {
     personality(ADDR_NO_RANDOMIZE);
   }
   execvp(argv[0], argv); // ... from set-arch.
}

It's pretty obvious you can't turn address randomization off in the process you are in (grin: unless maybe dynamic loading), so this only affects forks and execs later. I believe the Address Randomization flags are inherited by child sub-processes?

Anyway, that's how you can programmatically turn off the address randomization in C source code. This may be your only solution if you don't want to force a user to intervene manually and start up with setarch or one of the other solutions listed earlier.

Before you complain about security issues in turning this off, some shared memory libraries/tools (such as PickingTools shared memory and some IBM databases) need to be able to turn off randomization of memory addresses.

rts1
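Whether the flag survives an exec, as the answer above wonders, can be checked directly. The following is an added example, not code from the answer or from setarch; it assumes Linux with /bin/sh and a readable /proc, and `exec_inherits_no_randomize` and `CHECK` are names made up for the example.

```c
#include <stdio.h>
#include <unistd.h>
#include <sys/personality.h>
#include <sys/types.h>
#include <sys/wait.h>

/* Run by /bin/sh after the exec: /proc/self/personality is the persona as
 * 8 hex digits; ADDR_NO_RANDOMIZE (0x0040000) is the 4 bit of the 4th digit. */
#define CHECK "read p </proc/self/personality || exit 2; " \
              "case $p in ???[4567cdef]????) exit 0;; *) exit 1;; esac"

/* Returns 1 if the exec'd program still has ADDR_NO_RANDOMIZE set, 0 if it
 * was lost, -1 if the flag could not be set or checked (for example a
 * container seccomp filter refusing personality(), or no /proc). */
int exec_inherits_no_randomize(void)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* Child only: the parent keeps its own persona. 0xffffffff queries
         * the current value; OR the flag in so other bits are preserved. */
        int cur = personality(0xffffffff);
        if (cur == -1 || personality((unsigned long)cur | ADDR_NO_RANDOMIZE) == -1)
            _exit(3);
        execl("/bin/sh", "sh", "-c", CHECK, (char *)NULL);
        _exit(3); /* exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    switch (WEXITSTATUS(status)) {
    case 0:  return 1;
    case 1:  return 0;
    default: return -1;
    }
}

int main(void)
{
    int before = personality(0xffffffff);
    int r = exec_inherits_no_randomize();
    printf("flag after exec: %d (1 = inherited, -1 = could not test)\n", r);
    /* The launcher itself is untouched, so its own children keep ASLR. */
    printf("parent persona unchanged: %s\n",
           personality(0xffffffff) == before ? "yes" : "no");
    return r == 0;
}
```

The kernel clears ADDR_NO_RANDOMIZE when the exec'd file is set-user-ID or set-group-ID, so a launcher like this cannot strip ASLR from privileged binaries.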