Question

I am using Ubuntu 13.10 with ASLR enabled:

root@ubuntu:/home/meltdown# cat /proc/sys/kernel/randomize_va_space 
2

I have compiled a simple hello world program with the gcc -pie option. If I run this program standalone, the base address of the PIE executable is random, like this:

root@ubuntu:/home/meltdown# cat /proc/8872/maps
b758b000-b758c000 rw-p 00000000 00:00 0 
b758c000-b773a000 r-xp 00000000 08:01 10749216   /lib/i386-linux-gnu/libc-2.17.so
b773a000-b773c000 r--p 001ae000 08:01 10749216   /lib/i386-linux-gnu/libc-2.17.so
b773c000-b773d000 rw-p 001b0000 08:01 10749216   /lib/i386-linux-gnu/libc-2.17.so
b773d000-b7740000 rw-p 00000000 00:00 0 
b7752000-b7756000 rw-p 00000000 00:00 0 
b7756000-b7757000 r-xp 00000000 00:00 0          [vdso]
b7757000-b7777000 r-xp 00000000 08:01 10749212   /lib/i386-linux-gnu/ld-2.17.so
b7777000-b7778000 r--p 0001f000 08:01 10749212   /lib/i386-linux-gnu/ld-2.17.so
b7778000-b7779000 rw-p 00020000 08:01 10749212   /lib/i386-linux-gnu/ld-2.17.so
b7779000-b777a000 r-xp 00000000 08:01 14942231   /tmp/a
b777a000-b777b000 r--p 00000000 08:01 14942231   /tmp/a
b777b000-b777c000 rw-p 00001000 08:01 14942231   /tmp/a
bf9f4000-bfa15000 rw-p 00000000 00:00 0          [stack]

However, if I debug this program with gdb, the PIE base address is always the same (80000000):

root@ubuntu:/home/meltdown# cat /proc/8840/maps
80000000-80001000 r-xp 00000000 08:01 14942231   /tmp/a
80001000-80002000 r--p 00000000 08:01 14942231   /tmp/a
80002000-80003000 rw-p 00001000 08:01 14942231   /tmp/a
b7e12000-b7e13000 rw-p 00000000 00:00 0 
b7e13000-b7fc1000 r-xp 00000000 08:01 10749216   /lib/i386-linux-gnu/libc-2.17.so
b7fc1000-b7fc3000 r--p 001ae000 08:01 10749216   /lib/i386-linux-gnu/libc-2.17.so
b7fc3000-b7fc4000 rw-p 001b0000 08:01 10749216   /lib/i386-linux-gnu/libc-2.17.so
b7fc4000-b7fc7000 rw-p 00000000 00:00 0 
b7fdb000-b7fdd000 rw-p 00000000 00:00 0 
b7fdd000-b7fde000 r-xp 00000000 00:00 0          [vdso]
b7fde000-b7ffe000 r-xp 00000000 08:01 10749212   /lib/i386-linux-gnu/ld-2.17.so
b7ffe000-b7fff000 r--p 0001f000 08:01 10749212   /lib/i386-linux-gnu/ld-2.17.so
b7fff000-b8000000 rw-p 00020000 08:01 10749212   /lib/i386-linux-gnu/ld-2.17.so
bffdf000-c0000000 rw-p 00000000 00:00 0          [stack]

Can someone explain why?


Solution

The gdb debugger, by default, turns off address space layout randomisation. This is partly to ensure you're always debugging the same environment. From the gdb documentation (search for disable-randomization):

This option is useful for multiple debugging sessions to make the execution better reproducible and memory addresses reusable across debugging sessions.

It's the same reason why I use srand(42) at the start of my code (only when debugging) rather than srand(time(NULL)) - it provides an absolutely consistent environment from run to run, to make debugging easier.

If you had a very subtle bug that was caused by where your code was located in the address space, it may come and go on different runs within the debugger, unless ASLR was disabled.

You can use:

set disable-randomization off

before starting your program from within gdb to re-enable ASLR, as per the gdb documentation.

I suspect you can also use gdb to attach to an already-running process (which is under the ASLR effect) rather than having gdb start your program from scratch, though I tend to prefer the use of ~/.gdbinit to force ASLR to be activated.
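The following is an added example, not code from the question or the answer above. It is a small Linux tool you can run directly, then under gdb with the default settings, then under gdb after `set disable-randomization off`, to see the two effects the answer describes: the load base of the executable stops moving, and, because gdb implements `disable-randomization on` on Linux by setting the ADDR_NO_RANDOMIZE personality flag before exec, the debuggee inherits that flag and can detect it with personality(2). The function names (maps_base_of, aslr_disabled_by_personality) and the sample maps excerpt (copied from the question's gdb dump) are this example's own, not part of gdb or glibc.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#ifdef __linux__
#include <sys/personality.h>
#endif

/* Three lines taken from the question's gdb-started dump, used as
 * offline sample input for the parser. */
const char *kSampleMapsFromQuestion =
    "80000000-80001000 r-xp 00000000 08:01 14942231   /tmp/a\n"
    "80001000-80002000 r--p 00000000 08:01 14942231   /tmp/a\n"
    "80002000-80003000 rw-p 00001000 08:01 14942231   /tmp/a\n"
    "b7e12000-b7e13000 rw-p 00000000 00:00 0 \n";

/* Parse one /proc/<pid>/maps line of the form
 *   start-end perms offset dev inode   path
 * Returns 1 and stores the start address when the path field equals
 * `path`; returns 0 for anonymous mappings (no path) or other files.
 * Paths containing spaces are not handled (sscanf stops at the space). */
static int maps_line_matches(const char *line, const char *path,
                             unsigned long *start)
{
    unsigned long s, e, off, inode;
    char perms[8], dev[16], mapped[4096];
    int n = sscanf(line, "%lx-%lx %7s %lx %15s %lu %4095s",
                   &s, &e, perms, &off, dev, &inode, mapped);
    if (n < 7 || strcmp(mapped, path) != 0)
        return 0;
    *start = s;
    return 1;
}

/* Lowest start address among all mappings backed by `path` in a maps
 * listing held in one string. Returns 0 when the file is not mapped. */
unsigned long maps_base_of(const char *maps_text, const char *path)
{
    unsigned long base = 0, s;
    const char *p = maps_text;
    while (*p) {
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        char line[4352];
        if (len >= sizeof line)
            len = sizeof line - 1;
        memcpy(line, p, len);
        line[len] = '\0';
        if (maps_line_matches(line, path, &s) && (base == 0 || s < base))
            base = s;
        if (!nl)
            break;
        p = nl + 1;
    }
    return base;
}

/* 1 if ADDR_NO_RANDOMIZE is set for this process (what a gdb-started
 * debuggee sees by default), 0 if clear, -1 if it cannot be queried.
 * personality(0xffffffff) returns the current persona without changing it. */
int aslr_disabled_by_personality(void)
{
#ifdef __linux__
    int persona = personality(0xffffffff);
    if (persona == -1)
        return -1;
    return (persona & ADDR_NO_RANDOMIZE) ? 1 : 0;
#else
    return -1;
#endif
}

int main(void)
{
    char exe[4096];
    ssize_t n = readlink("/proc/self/exe", exe, sizeof exe - 1);
    if (n < 0) { perror("readlink /proc/self/exe"); return 1; }
    exe[n] = '\0';

    /* Slurp /proc/self/maps into one buffer for maps_base_of(). */
    FILE *f = fopen("/proc/self/maps", "r");
    if (!f) { perror("fopen /proc/self/maps"); return 1; }
    char *maps = NULL, chunk[4096];
    size_t len = 0, got;
    while ((got = fread(chunk, 1, sizeof chunk, f)) > 0) {
        char *grown = realloc(maps, len + got + 1);
        if (!grown) { free(maps); fclose(f); return 1; }
        maps = grown;
        memcpy(maps + len, chunk, got);
        len += got;
        maps[len] = '\0';
    }
    fclose(f);

    int d = aslr_disabled_by_personality();
    printf("sample base from question: 0x%lx\n",
           maps_base_of(kSampleMapsFromQuestion, "/tmp/a"));
    printf("this executable:           %s\n", exe);
    printf("load base:                 0x%lx\n",
           maps ? maps_base_of(maps, exe) : 0UL);
    printf("ADDR_NO_RANDOMIZE:         %s\n",
           d == 1 ? "set (randomisation off)" :
           d == 0 ? "clear (randomisation on)" : "unknown");
    free(maps);
    return 0;
}
```

Build with `gcc -pie -fPIE -o aslrcheck aslrcheck.c`. Running `./aslrcheck` several times should print a different load base each time with ADDR_NO_RANDOMIZE clear; `gdb -q -ex run -ex quit ./aslrcheck` should print the same base on every run with the flag set; adding `-ex 'set disable-randomization off'` before `-ex run` restores the randomised behaviour, which is the setting the answer recommends putting in ~/.gdbinit.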

Licensed under: CC-BY-SA with attribution