codeblog code is freedom — patching my itch

7/3/2010

gdb turns off ASLR

Filed under: Blogging,Debian,Ubuntu,Ubuntu-Server — kees @ 10:05 am

Starting with GDB version 7, first appearing in Ubuntu with Karmic (Ubuntu 9.10), ASLR is turned off (via the ADDR_NO_RANDOMIZE personality flag) for the debugged process. If you want a more realistic view of how a process will appear in memory, you must “set disable-randomization off” in gdb:

$ gdb /usr/bin/something
...
(gdb) show disable-randomization
Disabling randomization of debuggee's virtual address space is on.
(gdb) start
...
(gdb) ^Z
$ cat /proc/$(pidof /usr/bin/something)/personality
00040000
$ grep 0040000 /usr/include/linux/personality.h
    ADDR_NO_RANDOMIZE =     0x0040000,  /* disable randomization of VA space */
$ fg
(gdb) set disable-randomization off
(gdb) show disable-randomization
Disabling randomization of debuggee's virtual address space is off.
(gdb) start
...
(gdb) ^Z
$ cat /proc/$(pidof /usr/bin/something)/personality
00000000

© 2010, Kees Cook. This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 License.

5 Comments »

  1. *Why* does gdb do this, if it can still debug processes with ASLR turned on?

    Comment by Anonymous — 7/3/2010 @ 11:14 am

  2. I assume it’s so that session-to-session debugging is easier if you’re setting breakpoints, etc.

    Comment by kees — 7/3/2010 @ 11:29 am

  3. Just another reason to always attach with GDB, not start the target process with it. Thanks for the post.

    Comment by person — 7/3/2010 @ 12:19 pm

  4. person: You mean exactly the reverse, right? GDB won’t be able to turn off ASLR after the process is started (pointer already initialized to randomized memory) despite starting it with GDB. ;)

    Comment by modem — 2/26/2015 @ 2:44 am

  5. I think person meant that attaching to processes gives you a better view of their “real” environment, rather than starting them under GDB which may construct an environment better for improved debuggability.

    Comment by kees — 2/27/2015 @ 12:42 pm
