【随笔】地址空间布局随机化randomize_va_space

最新推荐文章于 2023-11-29 13:28:01 发布

原创最新推荐文章于 2023-11-29 13:28:01 发布 · 2.3k 阅读

2 ·

CC 4.0 BY-SA版权

linux 同时被 3 个专栏收录

33 篇文章

订阅专栏

计算机基础

21 篇文章

订阅专栏

Linux运维

10 篇文章

订阅专栏

本文介绍了Linux内核中的Address Space Layout Randomization（ASLR）技术，包括其作用和默认设置。通过调整/proc/sys/kernel/randomize_va_space，用户可以临时或永久改变ASLR的级别。为确保应用程序兼容性，更改设置后应进行测试。若需禁用特定程序的ASLR，可使用特定命令。

部署运行你感兴趣的模型镜像

内核文档（Address Space Layout Randomization）：

randomize_va_space

This option can be used to select the type of process address space randomization that is used in the system, for architectures that support this feature.

0 Turn the process address space randomization off. This is the default for architectures that do not support this feature anyways, and kernels that are booted with the “norandmaps” parameter.

1 Make the addresses of mmap base, stack and VDSO page randomized. This, among other things, implies that shared libraries will be loaded to random addresses. Also for PIE-linked binaries, the location of code start is randomized. This is the default if the CONFIG_COMPAT_BRK option is enabled.

Additionally enable heap randomization. This is the default if CONFIG_COMPAT_BRK is disabled.

There are a few legacy applications out there (such as some ancient versions of libc.so.5 from 1996) that assume that brk area starts just after the end of the code+bss. These applications break when start of the brk area is randomized. There are however no known non-legacy applications that would be broken this way, so for most systems it is safe to choose full randomization.

Systems with ancient and/or broken binaries should be configured with CONFIG_COMPAT_BRK enabled, which excludes the heap from process address space randomization.

地址空间布局随机化默认是开启的，开启了之后进程的虚拟地址空间布局就不再是默认布局，vm_area_struct链接成的结构大概就是这样的：

GNU Linux中修改ASLR的方法：

You can change the setting temporarily by writing a new value to , for example: /proc/sys/kernel/randomize_va_space

# echo value > /proc/sys/kernel/randomize_va_space

To change the value permanently, add the setting to , for example: /etc/sysctl.conf

kernel.randomize_va_space = value

and run the sysctl -p command.

If you change the value of , you should test your application stack to ensure that it is compatible with the new setting. randomize_va_space

If necessary, you can disable ASLR for a specific program and its child processes by using the following command:

% setarch `uname -m` -R program [args ...]

您可能感兴趣的与本文相关的镜像

ACE-Step

音乐合成

ACE-Step

ACE-Step是由中国团队阶跃星辰（StepFun）与ACE Studio联手打造的开源音乐生成模型。它拥有3.5B参数量，支持快速高质量生成、强可控性和易于拓展的特点。最厉害的是，它可以生成多种语言的歌曲，包括但不限于中文、英文、日文等19种语言