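randomize_va_space currently takes one of three values: 0, 1, or 2.
0 - Disables process address space randomization.
1 - Randomizes the mmap base address, the stack, and the vdso page.
2 - In addition to 1, also randomizes the heap.
To turn randomization off:
    # echo 0 >/proc/sys/kernel/randomize_va_space
The following program can be used to check whether the change took effect (x86_64):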
    // gcc -g stack.c -o stack
    #include <stdio.h>

    /* Return the current stack pointer (x86_64). */
    unsigned long sp(void)
    {
        unsigned long rsp;
        asm volatile("mov %%rsp, %0" : "=r"(rsp));
        return rsp;
    }

    int main(int argc, char **argv)
    {
        unsigned long esp = sp();
        printf("Stack pointer (ESP : 0x%lx)\n", esp);
        return 0;
    }
Output before disabling:
    -bash-4.1# ./stack
    Stack pointer (ESP : 0x7fff50162e50)
    -bash-4.1# ./stack
    Stack pointer (ESP : 0x7fff5d023730)
    -bash-4.1# ./stack
    Stack pointer (ESP : 0x7ffff9982180)
    -bash-4.1# ./stack
    Stack pointer (ESP : 0x7fffb23612a0)
    -bash-4.1# ./stack
    Stack pointer (ESP : 0x7ffffd5a4980)
    -bash-4.1# ./stack
    Stack pointer (ESP : 0x7fffbac61bf0)
Output after disabling:
    -bash-4.1# ./stack
    Stack pointer (ESP : 0x7fffffffeaf0)
    -bash-4.1# ./stack
    Stack pointer (ESP : 0x7fffffffeaf0)
    -bash-4.1# ./stack
    Stack pointer (ESP : 0x7fffffffeaf0)
    -bash-4.1# ./stack
    Stack pointer (ESP : 0x7fffffffeaf0)