关闭Linux内存地址随机化机制
关闭Linux内存地址随机化机制
关闭Linux 内存地址随机化机制, 禁用进程地址空间随机化.可以将进程的mmap的基址,stack和vdso页面地址固定下来. 可以通过设置kernel.randomize_va_space内核参数来设置内存地址随机化的行为.目前randomize_va_space的值有三种,分别是[0,1,2]
0 - 表示关闭进程地址空间随机化。
1 - 表示将mmap的基址,stack和vdso页面随机化。
2 - 表示在1的基础上增加栈(heap)的随机化。
# echo 0 >/proc/sys/kernel/randomize_va_space
通过用下面这个程序,可以检查是否修改成功(x86_64):
// gcc -g stack.c -o stack
//
unsigned long sp(void){ asm("mov %rsp, %rax");}
int main(int argc, char **argv)
{
unsigned long esp = sp();
printf("Stack pointer (ESP : 0x%lx)\n",esp);
return 0;
}
关闭前运行结果
-bash-4.1# ./stack
Stack pointer (ESP : 0x7fff50162e50)
-bash-4.1# ./stack
Stack pointer (ESP : 0x7fff5d023730)
-bash-4.1# ./stack
Stack pointer (ESP : 0x7ffff9982180)
-bash-4.1# ./stack
Stack pointer (ESP : 0x7fffb23612a0)
-bash-4.1# ./stack
Stack pointer (ESP : 0x7ffffd5a4980)
-bash-4.1# ./stack
Stack pointer (ESP : 0x7fffbac61bf0)
关闭后运行结果
-bash-4.1# ./stack
Stack pointer (ESP : 0x7fffffffeaf0)
-bash-4.1# ./stack
Stack pointer (ESP : 0x7fffffffeaf0)
-bash-4.1# ./stack
Stack pointer (ESP : 0x7fffffffeaf0)
-bash-4.1# ./stack
Stack pointer (ESP : 0x7fffffffeaf0)
-bash-4.1# ./stack
Stack pointer (ESP : 0x7fffffffeaf0)
-bash-4.1# ./stack
Stack pointer (ESP : 0x7fffffffeaf0)
参考:
http://en.wikipedia.org/wiki/Address_space_layout_randomization
http://xorl.wordpress.com/2011/01/16/linux-kernel-aslr-implementation/
评论暂时关闭