TL;DR
Address Space Layout Randomisation (ASLR) is a vital cyber security feature that makes it harder for attackers to exploit vulnerabilities. Ubuntu 11.10 has ASLR enabled by default, but we can check its status and ensure it’s working effectively. This guide shows you how.
Checking ASLR Status
- Verify Kernel Support: First, confirm your kernel supports ASLR. Most kernels from this era do.
  - Run the following command in a terminal:
      cat /proc/cmdline
    If you see ‘randomize_base’ or similar options related to memory randomisation, it’s likely enabled at kernel level.
- Check Current ASLR Settings: Use the sysctl command.
  - To view all settings related to address space layout randomisation:
      sysctl -a | grep randomize
    Look for entries like ‘kernel.randomize_va_space’, which controls the level of randomisation.
Understanding ASLR Levels
The kernel.randomize_va_space setting has three possible values:
- 0: No randomisation (not recommended).
- 1: Randomises the base address of executables, libraries and stack. This is a good default level.
- 2: Full randomisation – also randomises heap locations. Offers stronger cyber security but can slightly reduce performance.
Enabling/Disabling ASLR (If Necessary)
- Temporarily Change the Setting: To change the setting for the current session:
  - To enable full randomisation:
      sudo sysctl -w kernel.randomize_va_space=2
  - To disable ASLR (strongly discouraged):
      sudo sysctl -w kernel.randomize_va_space=0
- Make the Change Permanent: To make the change persist after a reboot, edit the sysctl.conf file.
  - Open the file with root privileges:
      sudo nano /etc/sysctl.conf
  - Add or modify the following line (e.g., for full randomisation):
      kernel.randomize_va_space = 2
  - Save and close the file, then apply the changes:
      sudo sysctl -p
Checking ASLR is Working
- Use a Test Program: A simple test program can demonstrate if ASLR is functioning. The addresses should change each time you run it.
  - Compile a basic C program (e.g., test_aslr.c):
      gcc -o test_aslr test_aslr.c
  - Run the program multiple times and observe the addresses printed to the console using ldd or a debugger like gdb.
      ldd ./test_aslr
  - If the base addresses of libraries and the executable change with each execution, ASLR is working correctly.
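The guide names test_aslr.c without showing it. The program below is an added example, not code from the original guide: it re-runs itself four times and reports which memory regions moved between runs. The --sample flag, RUNS and the function names are choices made for this example.

```c
/* test_aslr.c: added example, not part of the original guide. */
#define _POSIX_C_SOURCE 200809L /* for popen() and pclose() */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define RUNS 4
enum { STACK, HEAP, LIBC, TEXT, NREGIONS };
static const char *region_name[NREGIONS] = { "stack", "heap", "libc", "text" };

/* Parse one sample line ("0x.. 0x.. 0x.. 0x..") into out[]; 0 on success. */
int parse_sample(const char *line, unsigned long out[NREGIONS])
{
    return sscanf(line, "%lx %lx %lx %lx", out, out + 1, out + 2, out + 3) == 4 ? 0 : -1;
}

/* Return 1 if region r landed at a different address in any run. */
int region_varies(unsigned long s[][NREGIONS], int runs, int r)
{
    int i;
    for (i = 1; i < runs; i++)
        if (s[i][r] != s[0][r])
            return 1;
    return 0;
}

int main(int argc, char **argv)
{
    unsigned long s[RUNS][NREGIONS];
    char cmd[512], line[256];
    int i, r, local = 0;
    FILE *p;
    if (argc > 1 && strcmp(argv[1], "--sample") == 0) {
        void *heap = malloc(16); /* small allocation, served from the brk heap */
        /* stdout points into libc; parse_sample lives in this executable */
        printf("%p %p %p %p\n", (void *)&local, heap, (void *)stdout, (void *)parse_sample);
        return 0;
    }
    snprintf(cmd, sizeof cmd, "'%s' --sample", argv[0]);
    for (i = 0; i < RUNS; i++) { /* each popen() is a fresh execution */
        p = popen(cmd, "r");
        if (!p || !fgets(line, sizeof line, p) || parse_sample(line, s[i]))
            return 2; /* could not obtain a sample */
        pclose(p);
    }
    for (r = 0; r < NREGIONS; r++)
        printf("%-5s %s\n", region_name[r], region_varies(s, RUNS, r) ? "randomised" : "fixed");
    return 0;
}
```

The text line only moves when the program is built as a position-independent executable (gcc -fPIE -pie). gdb turns randomisation off for programs it starts unless you run "set disable-randomization off", so take samples outside the debugger.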