I'm reading "The Art of Exploitation" and would like to try some experiments, including reading from and writing to various memory addresses. I've created some simple programs and am trying to overwrite their variables via various hacks; the problem is that these variables' addresses keep changing every time I run the program, making all this extremely complicated.
I know this is for security reasons, but I'm wondering if it is possible to disable it for learning purposes. Here's my system's and gcc's info:

blackbear@blackbear-laptop:~$ uname -a
Linux blackbear-laptop 2.6.32-30-generic #59-Ubuntu SMP Tue Mar 1 21:30:21 UTC 2011 i686 GNU/Linux
blackbear@blackbear-laptop:~$ gcc --version
gcc (Ubuntu 4.4.3-4ubuntu5) 4.4.3
Copyright (C) 2009 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

blackbear@blackbear-laptop:~$ 
BlackBear

2 Answers


If I'm not mistaken it should be possible to disable the address space randomization via proc filesystem:

echo 0 > /proc/sys/kernel/randomize_va_space

Obviously, you have to be root for this.

Petr Uzel
  • Got it. But it gives me "access denied" even with sudo – BlackBear Apr 26 '11 at 15:53
  • That's because the shell does the redirection before executing sudo. So if you need/want to use sudo, you have to do it as follows: sudo sh -c 'echo 0 > /proc/sys/kernel/randomize_va_space' – Petr Uzel Apr 26 '11 at 16:04
  • If you're doing this 'by hand' and not in a script, then another option would be using sudoedit. It's quite convenient for setting /proc file values and there's no need to escape the echo command etc. – Erik P. Apr 26 '11 at 20:26
  • @Erik tee is another common way (see this post) – Michael Mrozek Apr 26 '11 at 20:49

Another option to temporarily change the setting is via the sysctl command.

sysctl -w kernel.randomize_va_space=0

To make this setting permanent and active after a system reboot, add the option to /etc/sysctl.conf. The default value should be 2 for the most secure setting.

Stephen Kitt
fellahst
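Both answers change the kernel-wide randomize_va_space setting. The added example below (not code from the question or either answer) is a small probe that makes the effect visible: it prints one address from each region ASLR can move (stack, brk heap, libc via mmap, and the executable's own text and data) and reports the current sysctl value, so running it twice before and after `sysctl -w kernel.randomize_va_space=0` shows exactly which lines stop changing. It also shows a per-process alternative the answers do not mention: with `-n` it sets the ADDR_NO_RANDOMIZE personality flag and re-executes itself, which is what `setarch -R` does and needs no root and no system-wide change. Assumptions: Linux with glibc and /proc mounted; the file name `aslr_probe.c` and the `-n` flag are this example's own choices. A caveat for the asker's toolchain: gcc 4.4 on Ubuntu 10.04 does not build position-independent executables by default, so the text and data lines will be constant at every setting unless the program is compiled with `-fPIE -pie`.

```c
/*
 * aslr_probe.c: added example, not part of the original question or answers.
 * Prints one address per region ASLR can relocate and reports the current
 * /proc/sys/kernel/randomize_va_space value, so its effect can be seen by
 * running the program twice.
 *
 * Build:  gcc -Wall -O0 -o aslr_probe aslr_probe.c
 * Run:    ./aslr_probe        (run twice and compare the lines)
 *         ./aslr_probe -n     (this process only, via ADDR_NO_RANDOMIZE; no root)
 *
 * Assumption: Linux with glibc and /proc mounted.
 */
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/personality.h>

/* Parse the text of randomize_va_space. Returns 0, 1 or 2, or -1 if the
 * text is not one of the values the kernel documents. */
int parse_randomize_setting(const char *s)
{
    char *end;
    long v;
    if (s == NULL || *s == '\0')
        return -1;
    v = strtol(s, &end, 10);
    if (end == s)                          /* no digits at all */
        return -1;
    while (*end == ' ' || *end == '\n' || *end == '\t')
        end++;                             /* tolerate trailing whitespace */
    if (*end != '\0')
        return -1;
    return (v >= 0 && v <= 2) ? (int)v : -1;
}

/* Human-readable meaning of each documented value. */
const char *describe_randomize_setting(int v)
{
    switch (v) {
    case 0:  return "0: no randomization";
    case 1:  return "1: stack, VDSO and mmap (shared libraries) randomized";
    case 2:  return "2: as 1, plus brk-based heap (the default)";
    default: return "unknown";
    }
}

/* Read and parse the live sysctl; -1 if /proc is unreadable. */
int read_randomize_setting(void)
{
    char buf[16];
    FILE *f = fopen("/proc/sys/kernel/randomize_va_space", "r");
    if (f == NULL)
        return -1;
    if (fgets(buf, sizeof buf, f) == NULL) {
        fclose(f);
        return -1;
    }
    fclose(f);
    return parse_randomize_setting(buf);
}

static int global_var = 42;                /* .data: moves only with PIE */

int main(int argc, char **argv)
{
    if (argc > 1 && strcmp(argv[1], "-n") == 0 &&
        !(personality(0xffffffff) & ADDR_NO_RANDOMIZE)) {
        /* Per-process alternative to the sysctl: disable ASLR for this
         * image only and restart so the new mapping is unrandomized.
         * Equivalent to `setarch -R ./aslr_probe`. The flag check above
         * prevents an endless re-exec loop. */
        if (personality(ADDR_NO_RANDOMIZE) == -1) {
            perror("personality");
            return 1;
        }
        execv("/proc/self/exe", argv);
        perror("execv");
        return 1;
    }

    char stack_var;
    char *heap_var = malloc(16);           /* small request: brk heap, not mmap */

    printf("randomize_va_space = %s\n",
           describe_randomize_setting(read_randomize_setting()));
    printf("ADDR_NO_RANDOMIZE  = %s\n",
           (personality(0xffffffff) & ADDR_NO_RANDOMIZE) ? "set" : "clear");
    printf("text   (main)      %p\n", (void *)main);
    printf("data   (global)    %p\n", (void *)&global_var);
    printf("heap   (malloc)    %p\n", (void *)heap_var);
    printf("stack  (local)     %p\n", (void *)&stack_var);
    printf("libc   (printf)    %p\n", (void *)printf);
    free(heap_var);
    return 0;
}
```

With the setting at 2, every line except text and data changes between runs; at 1 the heap line becomes stable as well; at 0, or under `-n`, all lines are constant. The `-n` path is the option to reach for on a shared machine, since it leaves the system-wide protection in place for everything else.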