codeblog code is freedom — patching my itch

July 3, 2010

gdb turns off ASLR

Filed under: Blogging,Debian,Ubuntu,Ubuntu-Server — kees @ 10:05 am

Starting with GDB version 7 (first appearing in Ubuntu with Karmic, Ubuntu 9.10), ASLR is turned off for the debugged process: gdb sets the ADDR_NO_RANDOMIZE personality flag before launching it. If you want a more realistic view of how a process will be laid out in memory, you must run “set disable-randomization off” in gdb:

$ gdb /usr/bin/something
...
(gdb) show disable-randomization
Disabling randomization of debuggee's virtual address space is on.
(gdb) start
...
(gdb) ^Z
$ cat /proc/$(pidof /usr/bin/something)/personality
00040000
$ grep 0040000 /usr/include/linux/personality.h
    ADDR_NO_RANDOMIZE =     0x0040000,  /* disable randomization of VA space */
$ fg
(gdb) set disable-randomization off
(gdb) show disable-randomization
Disabling randomization of debuggee's virtual address space is off.
(gdb) start
...
(gdb) ^Z
$ cat /proc/$(pidof /usr/bin/something)/personality
00000000
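To make the personality check above scriptable (and to see the effect on real addresses rather than only on the flag), here is a small C program added for this post; it is not part of the original article. It reads /proc/self/personality, decodes the ADDR_NO_RANDOMIZE bit the same way the grep above does, cross-checks with personality(2) in query-only mode, and prints a stack, heap, text and libc address so two runs can be compared. Run it twice under gdb with the default setting and the addresses repeat; run it twice after “set disable-randomization off” and they change. The /proc parsing helper and the function names are mine, not gdb's.

```c
#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
#include <sys/personality.h>

/* Decode one personality word as /proc/<pid>/personality prints it
 * (e.g. "00040000") and report whether ADDR_NO_RANDOMIZE is set.
 * Returns 1 if set, 0 if clear, -1 if the text is not a hex word. */
int proc_personality_no_randomize(const char *hex)
{
    char *end = NULL;
    errno = 0;
    unsigned long word = strtoul(hex, &end, 16);
    if (errno != 0 || end == hex || (*end != '\0' && *end != '\n'))
        return -1;
    return (word & ADDR_NO_RANDOMIZE) ? 1 : 0;
}

/* Ask the kernel directly. personality(0xffffffff) is the documented
 * query-only form: it returns the current value without changing it. */
int self_no_randomize(void)
{
    int p = personality(0xffffffff);
    if (p == -1)
        return -1;
    return (p & ADDR_NO_RANDOMIZE) ? 1 : 0;
}

/* Print one address from each region that ASLR is supposed to move. */
static void print_layout(void)
{
    int on_stack = 0;
    void *on_heap = malloc(16);
    printf("stack  %p\n", (void *)&on_stack);
    printf("heap   %p\n", on_heap);
    printf("text   %p\n", (void *)&print_layout);
    printf("libc   %p\n", (void *)&printf);
    free(on_heap);
}

int main(void)
{
    char buf[64] = {0};
    FILE *f = fopen("/proc/self/personality", "r");
    if (f != NULL && fgets(buf, sizeof buf, f) != NULL) {
        printf("/proc/self/personality: %s", buf);
        printf("ADDR_NO_RANDOMIZE via /proc:          %d\n",
               proc_personality_no_randomize(buf));
    }
    if (f != NULL)
        fclose(f);
    printf("ADDR_NO_RANDOMIZE via personality(2): %d\n", self_no_randomize());
    print_layout();
    return 0;
}
```

Compile with `gcc -o aslrcheck aslrcheck.c`, then `gdb ./aslrcheck` and `run` it twice under each setting. Outside gdb the flag reads 0 and the addresses differ on every run (assuming /proc/sys/kernel/randomize_va_space is at its default of 2); the text address only moves if the binary was built as PIE.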

© 2010, Kees Cook. This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 License.

6 Comments

  1. *Why* does gdb do this, if it can still debug processes with ASLR turned on?

    Comment by Anonymous — July 3, 2010 @ 11:14 am

  2. I assume it’s so that session-to-session debugging is easier if you’re setting breakpoints, etc.

    Comment by kees — July 3, 2010 @ 11:29 am

  3. Just another reason to always attach with GDB, not start the target process with it. Thanks for the post.

    Comment by person — July 3, 2010 @ 12:19 pm

  4. person: You mean exactly the reverse, right? GDB won’t be able to turn off ASLR after the process is started (pointer already initialized to randomized memory) despite starting it with GDB. ;)

    Comment by modem — February 26, 2015 @ 2:44 am

  5. I think they meant that attaching to processes gives you a better view of their “real” environment, rather than starting them under GDB which may construct an environment better for improved debuggability.

    Comment by kees — February 27, 2015 @ 12:42 pm

  6. If you are using gdbserver on a remote device, then gdb will not be able to enable ASLR. For that, specify “--no-disable-randomization” when running gdbserver instead.

    Comment by Koutheir Attouchi — February 8, 2018 @ 8:23 am
