How to defeat ASLR in linux kernel?

Question

Possible Duplicate:
Stack Overflows - Defeating Canaries, ASLR, DEP, NX

is there anyway to disable ASLR in Linux kernel 2.6.32-71.el6.x86_64, with Apache privileges?? I tried this commands:

 sudo bash -c "echo 0 > /proc/sys/kernel/randomize_va_space"

but because i do not have normal user privilege, this command did not work. Someone wrote exploit to get root access, but this exploit gives the following error message: "[11754: 5 (255)] tcsetattr: Invalid argument". I asked him about this and he told me to disable NX and ASLR.

I am working with centOS Lnux, Kernel 2.6.32-71.el6.x86_64, and there are many packages installed on the system like : mailman 2.1.12-14.e16, mailscanner 4.83.5-1, postfix 2.6.6-2.316.x86-64, dovecot 2.0-0.10.beta6.20100630.e16.x86-64, crontabs 1-10-32.1.e16, mysql 5.3-3

I also have a mysql account - I tried to add user to linux via mysql command line, but it did not work. Is there any way to create a linux user via mysql command line?

You'd need a privilege escalation to root, or file write privilege check bypass. — Polynomial, Sep 23 '12 at 09:18
Hi @user1028, please edit your question to include all the information you added in all the different comments. Comments should be specific and clear, not add lots of new information - as it is, this thread is getting a bit chatty. Comments are not really for that... — AviD, Sep 23 '12 at 18:39
If you have the `setarch` command, you may use it like this for binaries: `setarch \`arch\` -R ./binary` — Mukesh Sai Kumar, Jan 11 '18 at 11:50

score 1 · Answer 1 · answered Sep 23 '12 at 17:56

1

No. ASLR is an important part of kernel security. Non-root users are not supposed to be able to turn off ASLR. The only way you're likely to be able to do it is to exploit a privilege escalation vulnerability to get root (as @Polynomial says), or exploit some other vulnerability in the system.

answered Sep 23 '12 at 17:56

D.W.

98,420
30
267
572

I believe non-root users can disable ASLR on applications they run, using the `ADDR_NO_RANDOMIZE` persona with [`personality()`](http://man7.org/linux/man-pages/man2/personality.2.html). – forest Dec 16 '17 at 04:03

score -4 · Answer 2 · answered Sep 23 '12 at 16:47

-4

This may work depending on the system:

ulimit -s unlimited

answered Sep 23 '12 at 16:47

Zzz

756
5
9

unfortunately it did not work – user1028 Sep 23 '12 at 18:01
1

Disabling the stack resource limit allows one to use stack exhaustion to cripple ASLR, but it does not disable it by itself. – forest Dec 16 '17 at 04:01
In any case, this bug has been patched (after more than a decade). – forest Dec 21 '18 at 04:17

How to defeat ASLR in linux kernel?

2 Answers2