How does gdb disable randomization for a single process?

I came from this link: Force gdb to load shared library at randomized address and I learned that gdb will disable ASLR for the current process.

But the only way I know to disable ASLR is to do it globally via echo 0 > /proc/sys/kernel/randomize_va_space.

Now I'm wondering how gdb disables ASLR on startup, and only for the current process.

EDIT

As ssbssa suggested, I wrote a program to test it:

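#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/personality.h>

int main(int argc, char **argv)
{
    /* argv for the re-executed copy; the array must end with a NULL pointer */
    char *argv2[] = { argv[0], "test", NULL };

    /* Re-executed copy (started with the extra "test" argument): report addresses */
    if (argc > 1)
    {
        char *data = malloc(20);
        printf("pid %d\n", getpid());
        printf("heap allocated at %p\n", (void *)data);
        printf("system() at %p\n", (void *)system);
        puts("exit in 100s");
        sleep(100);
        exit(0);
    }

    /* First run: set the flag for this process only, then re-exec ourselves */
    personality(ADDR_NO_RANDOMIZE);
    execvp(argv2[0], argv2);
    perror("execvp");   /* only reached if the exec failed */
    return 1;
}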

And the process map is:

# cat /proc/1997932/maps
00400000-00401000 r--p 00000000 fc:01 430424                             /root/no-aslr
00401000-00402000 r-xp 00001000 fc:01 430424                             /root/no-aslr
00402000-00403000 r--p 00002000 fc:01 430424                             /root/no-aslr
00403000-00404000 r--p 00002000 fc:01 430424                             /root/no-aslr
00404000-00405000 rw-p 00003000 fc:01 430424                             /root/no-aslr
01352000-01373000 rw-p 00000000 00:00 0                                  [heap]
7f222f928000-7f222f94a000 r--p 00000000 fc:01 394264                     /usr/lib/x86_64-linux-gnu/libc-2.31.so
7f222f94a000-7f222fac2000 r-xp 00022000 fc:01 394264                     /usr/lib/x86_64-linux-gnu/libc-2.31.so
7f222fac2000-7f222fb10000 r--p 0019a000 fc:01 394264                     /usr/lib/x86_64-linux-gnu/libc-2.31.so
7f222fb10000-7f222fb14000 r--p 001e7000 fc:01 394264                     /usr/lib/x86_64-linux-gnu/libc-2.31.so
7f222fb14000-7f222fb16000 rw-p 001eb000 fc:01 394264                     /usr/lib/x86_64-linux-gnu/libc-2.31.so
There are 0 answers