Disable randomization of memory addresses

Frontend | Unresolved | 3 | 1739
一个人的身影 2020-11-29 00:07

I'm trying to debug a binary that uses a lot of pointers. Sometimes for seeing output quickly to figure out errors, I print out the address of objects and their correspondi

3 answers
  •  天命终不由人
    2020-11-29 00:55

    You can also do this programmatically from C source before a UNIX exec.

    If you take a look at the sources for setarch (here's one source):

    http://code.metager.de/source/xref/linux/utils/util-linux/sys-utils/setarch.c

    You can see it boils down to a system call (syscall) or a function call (depending on what your system defines). From setarch.c:

    #ifndef HAVE_PERSONALITY
    # include <syscall.h>
    # define personality(pers) ((long)syscall(SYS_personality, pers))
    #endif
    

    On my CentOS 6 64-bit system, it looks like it uses a function (which probably calls the self-same syscall above). Take a look at this snippet from the include file in /usr/include/sys/personality.h (as referenced in the setarch source code):

    /* Set different ABIs (personalities).  */
    extern int personality (unsigned long int __persona) __THROW;
    

    What it boils down to is that you can, from C code, call and set the personality to use ADDR_NO_RANDOMIZE and then exec (just like setarch does).

    #include <sys/personality.h>
    #include <unistd.h>
    
    #ifndef HAVE_PERSONALITY
    # include <syscall.h>
    # define personality(pers) ((long)syscall(SYS_personality, pers))
    #endif
    
    /* ... */
    
    static int MyGlobalVar_Turn_Address_Randomization_Off = 1;
    
    void mycode(char **argv) 
    {
       // If requested, turn off the address rand feature right before execing
       if (MyGlobalVar_Turn_Address_Randomization_Off) {
         personality(ADDR_NO_RANDOMIZE);
       } 
       execvp(argv[0], argv); // ... from set-arch.
    }
    

    It's pretty obvious you can't turn address randomization off in the process you are in (grin: unless maybe dynamic loading), so this only affects forks and execs later. I believe the Address Randomization flags are inherited by child sub-processes?

    Anyway, that's how you can programmatically turn off the address randomization in C source code. This may be your only solution if you don't want to force a user to intervene manually and start up with setarch or one of the other solutions listed earlier.

    Before you complain about security issues in turning this off, some shared memory libraries/tools (such as PickingTools shared memory and some IBM databases) need to be able to turn off randomization of memory addresses.
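As an added example (my own code, not from the answer above and not from util-linux), this small wrapper does what the answer sketches but keeps whatever flags are already in the persona, checks that ADDR_NO_RANDOMIZE actually reads back before trusting it, and only then execs the target, which is the process that benefits from the fixed layout. It assumes Linux with glibc; the function names are mine.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/personality.h>

/* Read the current persona without changing it; 0xffffffff is the
 * documented "query only" argument of personality(2). */
long current_persona(void)
{
    return personality(0xffffffff);
}

/* Keep every flag already set (PER_LINUX32 and so on) and add ADDR_NO_RANDOMIZE;
 * passing ADDR_NO_RANDOMIZE alone, as in the answer, silently resets the others. */
unsigned long persona_with_no_randomize(unsigned long current)
{
    return current | ADDR_NO_RANDOMIZE;
}

/* Returns 1 when ADDR_NO_RANDOMIZE reads back afterwards, 0 otherwise
 * (when the kernel or a seccomp sandbox refused the call, errno says why). */
int disable_aslr_for_exec(void)
{
    long cur = current_persona();
    if (cur == -1)
        return 0;
    if (personality(persona_with_no_randomize((unsigned long)cur)) == -1)
        return 0;
    /* Verify instead of trusting the return value: the flag must read back. */
    return (current_persona() & ADDR_NO_RANDOMIZE) != 0;
}
/* Constructed wrapper, used like "setarch -R": ./noaslr program [args...] */
int main(int argc, char **argv)
{
    if (argc < 2) {
        fprintf(stderr, "usage: %s program [args...]\n", argv[0]);
        return 2;
    }
    if (!disable_aslr_for_exec()) {
        fprintf(stderr, "ADDR_NO_RANDOMIZE not applied: %s\n", strerror(errno));
        return 1;
    }
    /* The persona survives exec and is inherited across fork, so the target and
     * its children keep the fixed layout; a set-uid exec is the exception. */
    execvp(argv[1], argv + 1);
    perror("execvp");
    return 1;
}
```

Run the same target twice under the wrapper and compare the printed pointers; when the kernel refuses (or randomize_va_space is already 0), the wrapper says so instead of silently running with ASLR on.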
