How does gdb disable randomization for a single process?

Question

I came from this link: Force gdb to load shared library at randomized address and I learned that gdb will disable ASLR for the current process.

But the only way I know to disable ASLR is to do it globally via echo 0 > /proc/sys/kernel/randomize_va_space.

Now I'm wondering how does gdb disable ASLR on startup, and only for the current process?

EDIT

As ssbssa suggested, I wrote a program to test it:

#include <stdio.h>
#include <unistd.h>
#include <sys/personality.h>

int main(int argc, char **argv)
{
    char *argv2[] = { argv[0], "test", "\0" };

    if (argc == 1)
    {
        char *data = malloc(20);
        printf("pid %d\n", getpid());
        printf("heap allocated at %p\n", data);
        printf("system() at %p\n", system);
        puts("exit in 100s");
        sleep(100);
        exit(0);
    }

    personality(ADDR_NO_RANDOMIZE);
    execvp(argv2[0], argv2);
}

And the process map is:

# cat /proc/1997932/maps
00400000-00401000 r--p 00000000 fc:01 430424                             /root/no-aslr
00401000-00402000 r-xp 00001000 fc:01 430424                             /root/no-aslr
00402000-00403000 r--p 00002000 fc:01 430424                             /root/no-aslr
00403000-00404000 r--p 00002000 fc:01 430424                             /root/no-aslr
00404000-00405000 rw-p 00003000 fc:01 430424                             /root/no-aslr
01352000-01373000 rw-p 00000000 00:00 0                                  [heap]
7f222f928000-7f222f94a000 r--p 00000000 fc:01 394264                     /usr/lib/x86_64-linux-gnu/libc-2.31.so
7f222f94a000-7f222fac2000 r-xp 00022000 fc:01 394264                     /usr/lib/x86_64-linux-gnu/libc-2.31.so
7f222fac2000-7f222fb10000 r--p 0019a000 fc:01 394264                     /usr/lib/x86_64-linux-gnu/libc-2.31.so
7f222fb10000-7f222fb14000 r--p 001e7000 fc:01 394264                     /usr/lib/x86_64-linux-gnu/libc-2.31.so
7f222fb14000-7f222fb16000 rw-p 001eb000 fc:01 394264                     /usr/lib/x86_64-linux-gnu/libc-2.31.so

See [this answer](https://stackoverflow.com/a/30385370/1983398) for how it works, and [here](https://sourceware.org/git/?p=binutils-gdb.git;a=blob;f=gdb/nat/linux-personality.c;hb=ecb915b4de7569027ad78bd3e24873bb92cb8e32#l43) where this is done in gdb. — ssbssa, Sep 12 '22 at 05:35
@ssbssa Thanks! Those links helped a lot, but it seems like only stack ASLR is disabled, but heap and other libraries are still randomized. Please see my edited question. You can also run the program on your server to test it: `gcc -no-pie test.c -o test` — daisy, Sep 12 '22 at 07:15

How does gdb disable randomization for a single process?

0 Answers0