Starting with GDB version 7, which first appeared in Ubuntu with Karmic (Ubuntu 9.10), GDB turns ASLR off (via the ADDR_NO_RANDOMIZE personality flag) for the debugged process. If you want a more realistic view of how a process will appear in memory, you must “set disable-randomization off” in gdb:
$ gdb /usr/bin/something
...
(gdb) show disable-randomization
Disabling randomization of debuggee's virtual address space is on.
(gdb) start
...
(gdb) ^Z
$ cat /proc/$(pidof /usr/bin/something)/personality
00040000
$ grep 0040000 /usr/include/linux/personality.h
ADDR_NO_RANDOMIZE = 0x0040000, /* disable randomization of VA space */
$ fg
(gdb) set disable-randomization off
(gdb) show disable-randomization
Disabling randomization of debuggee's virtual address space is off.
(gdb) start
...
(gdb) ^Z
$ cat /proc/$(pidof /usr/bin/something)/personality
00000000
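To check for this flag outside a debugging session, the following added example (not from the original post) decodes a personality value as a bitmask and lists the processes that are running with ADDR_NO_RANDOMIZE set. The function names and the optional proc-root argument are assumptions made for the example.

```shell
#!/bin/sh
# Added example: find processes whose personality has ADDR_NO_RANDOMIZE set.
# The flag value is the one shown in linux/personality.h above.
ADDR_NO_RANDOMIZE=0x0040000

# aslr_state HEX
# Decode one /proc/<pid>/personality value (hex, no 0x prefix).
# Prints "disabled" or "enabled"; prints "invalid" and returns 1 on bad input.
aslr_state() {
    case "$1" in
        ''|*[!0-9a-fA-F]*) echo "invalid"; return 1 ;;
    esac
    # Test the bit rather than comparing strings: other personality
    # flags may be set in the same word.
    if [ $(( 0x$1 & $ADDR_NO_RANDOMIZE )) -ne 0 ]; then
        echo "disabled"
    else
        echo "enabled"
    fi
}

# scan_no_aslr [PROCROOT]
# Print "pid comm personality" for every process with randomization
# disabled. PROCROOT defaults to /proc (hypothetical parameter, so the
# scan can also be pointed at a copied or constructed tree).
scan_no_aslr() {
    root=${1:-/proc}
    for dir in "$root"/[0-9]*; do
        # The read fails if the process has exited or we lack
        # permission to inspect it; skip those entries.
        pers=$(cat "$dir/personality" 2>/dev/null) || continue
        [ "$(aslr_state "$pers")" = "disabled" ] || continue
        comm=$(cat "$dir/comm" 2>/dev/null) || comm="?"
        echo "${dir##*/} $comm $pers"
    done
}
```

Source the file and run scan_no_aslr with no argument to check the live system; run it as root to see processes owned by other users.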
© 2010, Kees Cook. This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 License.
*Why* does gdb do this, if it can still debug processes with ASLR turned on?
Comment by Anonymous — July 3, 2010 @ 11:14 am
I assume it’s so that session-to-session debugging is easier if you’re setting breakpoints, etc.
Comment by kees — July 3, 2010 @ 11:29 am
Just another reason to always attach with GDB, not start the target process with it. Thanks for the post.
Comment by person — July 3, 2010 @ 12:19 pm
person: You mean exactly the reverse, right? GDB won’t be able to turn off ASLR after the process is started (pointer already initialized to randomized memory) despite starting it with GDB. ;)
Comment by modem — February 26, 2015 @ 2:44 am
I think they meant that attaching to processes gives you a better view of their “real” environment, rather than starting them under GDB which may construct an environment better for improved debuggability.
Comment by kees — February 27, 2015 @ 12:42 pm
If you are using gdbserver on a remote device, then gdb will not be able to enable ASLR. For that, specify “--no-disable-randomization” when running gdbserver instead.
Comment by Koutheir Attouchi — February 8, 2018 @ 8:23 am