Temporarily disabling Address Space Layout Randomization on Linux

By Soultaker on Sunday 24 September 2017 15:15 - Comments (0)
Category: Tips & Tricks, Views: 1.417

Address Space Layout Randomization

Address Space Layout Randomization (ASLR) is a kernel feature that randomizes the addresses at which a program's code and data are loaded, including the addresses of dynamic allocations and memory mappings. The intent is to improve security: when addresses are unpredictable, it is more difficult for attackers to exploit vulnerabilities like buffer overflows, because the code they inject cannot refer to absolute addresses.

However, there is a downside, too: when using memory debuggers (like mtrace), the heap addresses and code locations those tools report are randomized, and it may be difficult to determine what they refer to. One way to work around this is to look at the memory maps (e.g. in /proc/${pid}/maps) while the program is running, but this is cumbersome and error-prone, and it doesn't help if a memory region has already been unmapped or the program has already exited. The easier solution is to temporarily disable ASLR for debugging.
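To make the /proc/${pid}/maps workaround concrete, here is an added example (not code from the original post) that parses the maps format and resolves a randomized address, such as one reported by mtrace, to its region and, for file-backed mappings, to the offset inside the file that addr2line or objdump understand. The maps content and the addresses are constructed sample data, not output from a real process.

```python
import re
from typing import List, NamedTuple, Optional

# One line of /proc/<pid>/maps: "start-end perms offset dev inode [path]"
_MAPS_RE = re.compile(
    r"^(?P<start>[0-9a-f]+)-(?P<end>[0-9a-f]+)\s+(?P<perms>\S{4})\s+"
    r"(?P<offset>[0-9a-f]+)\s+(?P<dev>\S+)\s+(?P<inode>\d+)\s*(?P<path>.*)$"
)

class Region(NamedTuple):
    start: int
    end: int
    perms: str
    offset: int   # file offset at which this mapping begins (0 for anonymous)
    path: str     # file path, a pseudo-name like [heap]/[stack], or "" if anonymous

def parse_maps(text: str) -> List[Region]:
    """Parse the text of a /proc/<pid>/maps file into Region records."""
    regions = []
    for line in text.splitlines():
        m = _MAPS_RE.match(line.strip())
        if not m:
            continue  # skip blank or malformed lines
        regions.append(Region(int(m["start"], 16), int(m["end"], 16),
                              m["perms"], int(m["offset"], 16), m["path"].strip()))
    return regions

def resolve(addr: int, regions: List[Region]) -> Optional[dict]:
    """Map a runtime address to its region; file_offset is None for [heap]/[stack]
    and anonymous mappings, where no on-disk object exists to look it up in."""
    for r in regions:
        if r.start <= addr < r.end:
            rel = addr - r.start
            file_backed = bool(r.path) and not r.path.startswith("[")
            return {"path": r.path or "[anonymous]", "perms": r.perms,
                    "region_offset": rel,
                    "file_offset": r.offset + rel if file_backed else None}
    return None  # already unmapped, or never mapped: exactly the case the text warns about

# Constructed sample maps content laid out the way ASLR typically places regions
SAMPLE_MAPS = """\
55d3a2c00000-55d3a2c01000 r--p 00000000 08:01 1234 /home/user/prog
55d3a2c01000-55d3a2c02000 r-xp 00001000 08:01 1234 /home/user/prog
55d3a2c02000-55d3a2c03000 rw-p 00002000 08:01 1234 /home/user/prog
55d3a3b00000-55d3a3b21000 rw-p 00000000 00:00 0 [heap]
7f1c2e400000-7f1c2e5c1000 r-xp 00000000 08:01 5678 /usr/lib/x86_64-linux-gnu/libc.so.6
7ffd4b2a0000-7ffd4b2c1000 rw-p 00000000 00:00 0 [stack]
"""

if __name__ == "__main__":
    regs = parse_maps(SAMPLE_MAPS)
    for a in (0x55d3a2c01234, 0x55d3a3b00040, 0x7ffd4b2b0000, 0x1000):
        print(hex(a), resolve(a, regs))
```

Feeding the resulting file_offset to addr2line with the program's binary recovers the source line, which is what you get for free once ASLR is turned off.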

It turns out that in Linux, there are two easy ways to do that. (Note that although many operating systems support ASLR in some form, this post is only about Linux, which happens to be my primary development platform.)
