Note: this page is a Chinese-English parallel translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use and share it, but you must follow the same license and attribute it to the original authors (not me). Original StackOverflow URL: http://stackoverflow.com/questions/11238457/

Time: 2020-08-06 07:06:55  Source: igfitidea

Disable and re-enable address space layout randomization only for myself

Tags: linux, bash, aslr, virtual-address-space, sysctl

Asked by Amittai Aviram

I would like to disable address space layout randomization (ASLR) on my system (Ubuntu Gnu/Linux 2.6.32-41-server), but, if I use

sysctl -w kernel.randomize_va_space=0

the change would affect all users on the system, I presume. (Is this true?) How can I limit the effects of disabling ASLR to myself as a user only, or only to the shell session in which I invoke the command to disable?

BTW, I see that my system's current (default) setting is

kernel.randomize_va_space = 2

Why 2 and not 1 or 3? Where can I find documentation about the numerical values of /proc/sys settings, their ranges, and their meanings? Thanks!

Accepted answer by Andy Ross

The documentation for the randomize_va_space sysctl setting is in Documentation/sysctl/kernel.txt in the kernel source tree. Basically,

0 - Turn the process address space randomization off.

1 - Make the addresses of mmap base, stack and VDSO page randomized.

2 - Additionally enable heap randomization.

Answer by perror

The best way to disable locally the ASLR on a Linux-based system is to use process personality flags. The command to manipulate personality flags is setarch with

-R, --addr-no-randomize

Disables randomization of the virtual address space (turns on ADDR_NO_RANDOMIZE).

Here is how to proceed:

$> setarch $(uname -m) -R /bin/bash

This command runs a shell in which the ASLR has been disabled. All descendants of this process will inherit the personality flags of the father and thus have a disabled ASLR. The only way to break the inheritance of the flags would be to call a setuid program (it would be a security breach to support such a feature).

Note that the uname -m is here to not hard-code the architecture of your platform and make this command portable.
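To confirm that the change is confined to one process tree and the system-wide setting is untouched, the following added example (not part of the original question or answers) compares kernel.randomize_va_space with the personality flags of a single process. The function names are hypothetical, and reading the flags from /proc/PID/personality is a choice made for this example.

```shell
#!/bin/sh
# Added example: report whether ASLR is in effect for one process.
# ADDR_NO_RANDOMIZE is the personality bit that setarch -R turns on
# (value 0x0040000 in <linux/personality.h>).
ADDR_NO_RANDOMIZE=0x0040000

# aslr_effective SYSCTL_VALUE PERSONA_HEX   (hypothetical helper name)
# Prints the randomization level that applies to a process: the personality
# bit overrides the sysctl; otherwise the system-wide value (0, 1 or 2) applies.
aslr_effective() {
    level=$1
    flags=$2
    case $flags in
        ''|*[!0-9a-fA-F]*) echo unknown; return 1 ;;
    esac
    case $level in
        0|1|2) ;;
        *) echo unknown; return 1 ;;
    esac
    if [ $(( 0x$flags & $ADDR_NO_RANDOMIZE )) -ne 0 ]; then
        echo 0
    else
        echo "$level"
    fi
}

# aslr_report [PID]   (defaults to the calling shell)
# /proc/PID/personality holds the flags in hexadecimal; for a process other
# than your own, reading it needs ptrace-attach permission on that process.
aslr_report() {
    pid=${1:-$$}
    sysctl_value=$(cat /proc/sys/kernel/randomize_va_space 2>/dev/null) || sysctl_value=
    persona=$(cat "/proc/$pid/personality" 2>/dev/null) || persona=
    echo "system-wide kernel.randomize_va_space: ${sysctl_value:-unreadable}"
    echo "pid $pid personality flags: ${persona:-unreadable}"
    echo "effective level for pid $pid: $(aslr_effective "$sysctl_value" "$persona")"
}

aslr_report "$@"
```

Run inside the shell started by `setarch $(uname -m) -R /bin/bash`, the effective level reads 0 while the system-wide value is unchanged.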
