Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
1.6k views
in Technique[技术] by (71.8m points)

gcc - How to disable address space randomization for a binary on Linux?

I'm working on a runtime system for parallel programs that can take advantage of a common address space layout across multiple processes, potentially spread over several (thousand) nodes. Many times, software built for this environment is run on Linux systems that have address space randomization enabled by default, and users may not want or be able to disable it system-wide (via sysctl -w kernel.randomize_va_space=0 and the like). This imposes some limitations on the parallel programs, and can hurt performance. Thus, we want to figure out how to disable it for the binaries that we build. Security is not an issue, as this software is always running in controlled environments.

I've found references to various flags and variables, like ET_EXEC, EF_AS_NO_RANDOM (apparently never merged?) and PF_RANDOMIZE, but I can't find any document that describes what I can do to set these flags. An ideal answer would tell me what compiler/assembler/linker flag will disable randomization for the resulting binary, and what versions of the tool-chain/kernel this works on. Next best would be a tool that does the same after a binary is built.

Since I'm sure someone will suggest it, I'm already aware that we can make this change at runtime with setarch -R, but it's preferable to record this in the executable.

It looks like paxctl -rx ought to do the trick, but it doesn't seem to apply to the current method used in kernels that don't include the PaX patches.

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

Presumably you have some kind of daemon which invokes your parallel programs on the nodes. If so, you can make this common parent disable ASLR for any child processes it creates.

Look in GDB sources (7.0 or CVS Head) for how to do that. The gist of it is to call personality(orig_personality|ADDR_NO_RANDOMIZE) after fork and before exec.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

1.4m articles

1.4m replys

5 comments

57.0k users

...