Hi,
We are porting some applications from CentOS 4 to CentOS 5, the applications use mmap, and we found out that they sometimes crash in CentOS 5. We found out that this is due to the fact that CentOS 5 does randomization of the address space when loading binaries, libraries, and when using mmap, so that is what's causing our problem.
The thing is, I'm trying to google for it, but I did not find any useful information on ASLR present in CentOS 5/RHEL 5/Linux 2.6.18. If anyone has any good pointers on reliable information on what does that code do, how to configure/tweak it, or how to use mmap properly to work around the issues, I would really appreciate it. In particular, if there is a switch/option that would allow us to disable it for some binaries/libraries only, it would be great, since this could allow us to do the upgrade sooner and try to find the proper fix for the problem later.
Thanks! Filipe
In article e814db780812120659qd384182y8f8c1a69d39c2e2e@mail.gmail.com, Filipe Brandenburger filbranden@gmail.com wrote:
Hi,
We are porting some applications from CentOS 4 to CentOS 5, the applications use mmap, and we found out that they sometimes crash in CentOS 5. We found out that this is due to the fact that CentOS 5 does randomization of the address space when loading binaries, libraries, and when using mmap, so that is what's causing our problem.
The thing is, I'm trying to google for it, but I did not find any useful information on ASLR present in CentOS 5/RHEL 5/Linux 2.6.18. If anyone has any good pointers on reliable information on what does that code do, how to configure/tweak it, or how to use mmap properly to work around the issues, I would really appreciate it. In particular, if there is a switch/option that would allow us to disable it for some binaries/libraries only, it would be great, since this could allow us to do the upgrade sooner and try to find the proper fix for the problem later.
From what I've been able to find, you can disable ASLR completely by
putting the following line in /etc/sysctl.conf:
kernel.randomize_va_space = 0
Alternatively, you can run your program with ASLR disabled by using setarch to invoke it:
setarch `uname -m` -R yourprog <yourprogoptions>
The -R option disables randomisation. You might want to look at the -L option for setarch too (man setarch).
Cheers Tony
Hi,
On Fri, Dec 12, 2008 at 11:10, Tony Mountifield tony@softins.clara.co.uk wrote:
From what I've been able to find, you can disable ASLR completely by putting the following line in /etc/sysctl.conf: kernel.randomize_va_space = 0
Thanks, I had just found that out, we tested it and indeed it works.
Alternatively, you can run your program with ASLR disabled by using setarch to invoke it: setarch `uname -m` -R yourprog <yourprogoptions>
I didn't know about this one, sounds good. I'll have a good look at "man setarch" and also try this out in the next couple of days.
Quick question: from "man setarch", the effect of using -R is "turns on ADDR_NO_RANDOMIZE". Is it possible to use this flag ADDR_NO_RANDOMIZE somewhere that will force that binary to use that option always? I've read something about ELF headers, I wonder if that is something that could be set there, and if it is, how do I change the ELF headers to set it?
Thanks! Filipe
In article e814db780812120817m39bdf309l9591f53c90cb38b1@mail.gmail.com, Filipe Brandenburger filbranden@gmail.com wrote:
Hi,
On Fri, Dec 12, 2008 at 11:10, Tony Mountifield tony@softins.clara.co.uk wrote:
From what I've been able to find, you can disable ASLR completely by putting the following line in /etc/sysctl.conf: kernel.randomize_va_space = 0
Thanks, I had just found that out, we tested it and indeed it works.
Alternatively, you can run your program with ASLR disabled by using setarch to invoke it: setarch `uname -m` -R yourprog <yourprogoptions>
I didn't know about this one, sounds good. I'll have a good look at "man setarch" and also try this out in the next couple of days.
Quick question: from "man setarch", the effect of using -R is "turns on ADDR_NO_RANDOMIZE". Is it possible to use this flag ADDR_NO_RANDOMIZE somewhere that will force that binary to use that option always? I've read something about ELF headers, I wonder if that is something that could be set there, and if it is, how do I change the ELF headers to set it?
I didn't get as far as looking up ADDR_NO_RANDOMIZE, so can't answer your question. But at least it's something more specific to google!
Glad the other suggestion worked.
Cheers Tony
-
Filipe Brandenburger -
tony@softins.clara.co.uk