I would like to disable address space layout randomization (ASLR) on my system (Ubuntu Gnu/Linux 2.6.32-41-server), but, if I use

sysctl -w kernel.randomize_va_space=0

the change would affect all users on the system, I presume. (Is this true?) How can I limit the effects of disabling ASLR to myself as a user only, or only to the shell session in which I invoke the command to disable?

BTW, I see that my system's current (default) setting is

kernel.randomize_va_space = 2

Why 2 and not 1 or 3? Where can I find documentation about the numerical values of /proc/sys settings, their ranges, and their meanings? Thanks!

Melebius
Amittai Aviram
  • http://gcc.gnu.org/wiki/Randomization says that `setarch $(uname -m) -RL bash` must work – Dec 27 '13 at 08:44
  • http://unix.stackexchange.com/questions/15881/disable-address-space-layout-randomization-aslr-for-my-processes || http://askubuntu.com/questions/318315/how-can-i-temporarily-disable-aslr-address-space-layout-randomization – Ciro Santilli OurBigBook.com Jul 28 '15 at 13:28

2 Answers

The best way to disable ASLR locally on a Linux-based system is to use process personality flags. The command to manipulate personality flags is setarch with

-R, --addr-no-randomize

Disables randomization of the virtual address space (turns on ADDR_NO_RANDOMIZE).

Here is how to proceed:

$> setarch $(uname -m) -R /bin/bash

This command runs a shell in which ASLR has been disabled. All descendants of this process will inherit the personality flags of the parent and thus have ASLR disabled. The only way to break the inheritance of the flags would be to call a setuid program (it would be a security breach to support such a feature).

Note that uname -m is there so as not to hard-code the architecture of your platform, which makes this command portable.

You can check that it worked by hitting the following command several times:

#> cat /proc/self/maps

If the memory mapping stays the same, then ASLR has been disabled. If not, then you probably did something wrong.

perror
  • How do I check if it worked? Any command to print out the settings? – User 10482 Feb 24 '23 at 19:17
  • Good question, I added a way to check it worked (it is true that I always check it worked like this but I did not mention it). – perror Feb 27 '23 at 10:32
  • "You can check that it worked by hitting the following command several times". Just to be clear I have to `restart program -> cat /proc/self/maps` multiple times right? – User 10482 Feb 28 '23 at 16:32
  • In fact, you do not need to restart the program. The command `cat /proc/self/maps` is just displaying the memory mapping of the `cat` program itself (it is a self reference to it and `cat` is sending it to `stdout`). If the memory mapping is changing between two runs, then the ASLR is still enabled. If it stays static, then it is disabled. – perror Mar 01 '23 at 08:35
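The check perror describes in the answer and the comments (run `cat /proc/self/maps` more than once and see whether the mappings move) written out as an added example; this is not code from the answer. It parses the `/proc/<pid>/maps` line format, extracts the start address of the regions that ASLR relocates (`[stack]`, `[heap]`, `[vdso]`) and reports whether they changed between two snapshots. The `SAMPLE_RUN*` strings are constructed, not captured output; `main` takes two real snapshots through `popen("cat /proc/self/maps")`, where, as the comment explains, `/proc/self` refers to `cat` itself, so each run is a fresh process image.

```c
/* Added example: decide whether ASLR is active by comparing two
 * /proc/<pid>/maps snapshots taken from separate process images.
 * Assumes the Linux maps format:
 *   start-end perms offset dev inode [pathname]
 * SAMPLE_RUN1/SAMPLE_RUN2 are constructed snapshots, not real output. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed snapshot of a `cat /proc/self/maps` run. */
const char SAMPLE_RUN1[] =
    "55d4a3e00000-55d4a3e02000 r--p 00000000 08:01 1234 /usr/bin/cat\n"
    "55d4a5c10000-55d4a5c31000 rw-p 00000000 00:00 0 [heap]\n"
    "7f3c1a400000-7f3c1a5f0000 r--p 00000000 08:01 5678 /usr/lib/libc.so.6\n"
    "7ffd8b2c0000-7ffd8b2e1000 rw-p 00000000 00:00 0 [stack]\n"
    "7ffd8b3f6000-7ffd8b3f8000 r-xp 00000000 00:00 0 [vdso]\n";

/* Constructed second run with the randomized regions at new addresses. */
const char SAMPLE_RUN2[] =
    "55e1c0400000-55e1c0402000 r--p 00000000 08:01 1234 /usr/bin/cat\n"
    "55e1c2a00000-55e1c2a21000 rw-p 00000000 00:00 0 [heap]\n"
    "7f9a0c200000-7f9a0c3f0000 r--p 00000000 08:01 5678 /usr/lib/libc.so.6\n"
    "7ffee1a30000-7ffee1a51000 rw-p 00000000 00:00 0 [stack]\n"
    "7ffee1b7c000-7ffee1b7e000 r-xp 00000000 00:00 0 [vdso]\n";

/* Start address of the mapping whose pathname equals `name`
 * (e.g. "[stack]"), or 0 if no such line is present. */
unsigned long region_start(const char *maps, const char *name)
{
    const char *line = maps;
    while (*line) {
        const char *nl = strchr(line, '\n');
        size_t len = nl ? (size_t)(nl - line) : strlen(line);
        char buf[512];
        if (len < sizeof buf) {
            unsigned long start, end;
            char path[256];
            memcpy(buf, line, len);
            buf[len] = '\0';
            /* Anonymous mappings have no pathname; sscanf then returns 2. */
            if (sscanf(buf, "%lx-%lx %*s %*s %*s %*s %255s",
                       &start, &end, path) == 3 &&
                strcmp(path, name) == 0)
                return start;
        }
        if (!nl)
            break;
        line = nl + 1;
    }
    return 0;
}

/* Regions whose placement randomize_va_space / ADDR_NO_RANDOMIZE govern. */
static const char *const REGIONS[] = { "[stack]", "[heap]", "[vdso]" };

/* 1 if any tracked region moved between snapshots a and b, 0 if every
 * region found in both is at the same address, -1 if none could be compared. */
int snapshots_differ(const char *a, const char *b)
{
    int compared = 0, differ = 0;
    for (size_t i = 0; i < sizeof REGIONS / sizeof REGIONS[0]; i++) {
        unsigned long sa = region_start(a, REGIONS[i]);
        unsigned long sb = region_start(b, REGIONS[i]);
        if (sa == 0 || sb == 0)
            continue;           /* region absent (e.g. no heap yet); skip */
        compared++;
        if (sa != sb)
            differ = 1;
    }
    return compared ? differ : -1;
}

/* Take a live snapshot: `cat` prints its own maps, so every call is a new
 * process image. Returns 0 on success, -1 on failure. */
int snapshot_via_cat(char *buf, size_t cap)
{
    FILE *p = popen("cat /proc/self/maps", "r");
    if (p == NULL)
        return -1;
    size_t n = fread(buf, 1, cap - 1, p);
    buf[n] = '\0';
    return pclose(p) == 0 ? 0 : -1;
}

int main(void)
{
    static char a[65536], b[65536];
    if (snapshot_via_cat(a, sizeof a) < 0 || snapshot_via_cat(b, sizeof b) < 0) {
        perror("snapshot");
        return 1;
    }
    int r = snapshots_differ(a, b);
    if (r == 1)
        puts("mappings moved between runs: ASLR is active in this shell");
    else if (r == 0)
        puts("mappings identical: ASLR is disabled here (e.g. under setarch -R)");
    else
        puts("no [stack]/[heap]/[vdso] lines found to compare");
    return 0;
}
```

Run it from a normal shell and it reports that the mappings moved; run it from a shell started with `setarch $(uname -m) -R /bin/bash` and it reports identical mappings, since the child `cat` processes inherit the personality flag.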
The documentation for the randomize_va_space sysctl setting is in Documentation/sysctl/kernel.txt in the kernel source tree. Basically,

0 - Turn the process address space randomization off.

1 - Make the addresses of mmap base, stack and VDSO page randomized.

2 - Additionally enable heap randomization.

Cristian Ciupitu
Andy Ross
  • Thanks! That does address my second ("BTW") question above, but I still don't see a way to restrict the effect of sysctl to a single account or shell session. I guess it must be impossible. :-/ – Amittai Aviram Jun 28 '12 at 18:11
  • Yes, the setting is global. A quick grep shows that there is some (maybe vestigial) code in the "personality" code (handling multiple ABIs) that can do the converse. Setting ADDR_NO_RANDOMIZE flag on the personality field of a task_struct will disable the behavior even when it is globally enabled. But that's probably more kernel voodoo than you want to deal with. – Andy Ross Jun 28 '12 at 19:55