tags:

views:

1021

answers:

3
+3  Q: 

How to disable address space randomization for a binary on Linux?

I'm working on a runtime system for parallel programs that can take advantage of a common address space layout across multiple processes, potentially spread over several (thousand) nodes. Many times, software built for this environment is run on Linux systems that have address space randomization enabled by default, and users may not want or be able to disable it system-wide (via sysctl -w kernel.randomize_va_space=0 and the like). This imposes some limitations on the parallel programs, and can hurt performance. Thus, we want to figure out how to disable it for the binaries that we build. Security is not an issue, as this software is always running in controlled environments.

I've found references to various flags and variables, like ET_EXEC, EF_AS_NO_RANDOM (apparently never merged?) and PF_RANDOMIZE, but I can't find any document that describes what I can do to set these flags. An ideal answer would tell me what compiler/assembler/linker flag will disable randomization for the resulting binary, and what versions of the tool-chain/kernel this works on. Next best would be a tool that does the same after a binary is built.

Since I'm sure someone will suggest it, I'm already aware that we can make this change at runtime with setarch -R, but it's preferable to record this in the executable.

It looks like paxctl -rx ought to do the trick, but it doesn't seem to apply to the current method used in kernels that don't include the PaX patches.

A: 

Is there some reason you can't map a shared memory space or use a named FIFO?

greyfade  2009-09-21 18:09:24
There is. We're running across multiple nodes.
Novelocrat  2009-09-21 18:18:03
A: 

At least some earlier versions of ASLR in the Linux kernel preserved offsets when forking. Rather than disabling randomization for your processes, might you simply be able to arrange them under a parent/child process hierarchy that kept the offsets the same between instances of the binary forked by the same parent?

rcoder  2009-09-21 18:12:06
No, we can't, because these processes are running across multiple nodes. Thread migration is much easier when we don't have to jump through hoops to manually synchronize the address space.
Novelocrat  2009-09-21 18:17:27
+1  A: 

Presumably you have some kind of daemon which invokes your parallel programs on the nodes. If so, you can make this common parent disable ASLR for any child processes it creates.

Look in GDB sources (7.0 or CVS Head) for how to do that. The gist of it is to call personality(orig_personality|ADDR_NO_RANDOMIZE) after fork and before exec.

Employed Russian  2009-09-22 15:02:19
I'll investigate and try this now.
Novelocrat  2009-09-22 18:41:03
Seems to have worked. Thanks!
Novelocrat  2009-09-22 20:08:54

related questions

grep a file, but show several surrounding lines?
VMWare Server Under Linux Secondary NIC connection
Should I move from C++ to Python? ... Or another language?
Globus Toolkit virtual machine
How to avoid redefining VERSION, PACKAGE, etc.
How do I setup Public-Key Authentication?
showing a message box from a bash script in linux
Best Linux Distro for Computer Repair
Mapping my custom keys in Debian
Any IcedTea war stories?
How do you find the age of a long-running Linux process?
Personal Linux web server
Programmatically talking to a Serial Port in OS X or Linux
what's in your .bashrc ?
Linux - files and scripts that execute on boot
Text Editor For Linux (Besides Vi)?
Lightweight IDE for Linux
Shell scripting input redirection oddities
XML Editing/Viewing Software
What should a longtime Windows user know when starting to use Linux?
Gtk SSH client for Linux?
Getting root permissions on a file inside of vi?
Is it possible to drag windows between workspaces when using Compiz?
GTK implementation of MessageBox
Is gettimeofday() guaranteed to be of microsecond resolution?