The software described in this documentation is either in Extended Support or Sustaining Support. See https://www.oracle.com/us/support/library/enterprise-linux-support-policies-069172.pdf for more information.
Oracle recommends that you upgrade the software described by this documentation as soon as possible.
Address Space Layout Randomization (ASLR) can help defeat
certain types of buffer overflow attacks. ASLR can locate the
base, libraries, heap, and stack at random positions in a
process's address space, which makes it difficult for an
attacking program to predict the memory address of the next
instruction. ASLR is built into the Linux kernel and is
controlled by the parameter /proc/sys/kernel/randomize_va_space.
The randomize_va_space parameter can take the following values:
- 0
Disable ASLR. This setting is applied if the kernel is booted with the norandmaps boot parameter.
- 1
Randomize the positions of the stack, virtual dynamic shared object (VDSO) page, and shared memory regions. The base address of the data segment is located immediately after the end of the executable code segment.
- 2
Randomize the positions of the stack, VDSO page, shared memory regions, and the data segment. This is the default setting.
You can change the setting temporarily by writing a new value to
/proc/sys/kernel/randomize_va_space, for example:
# echo value > /proc/sys/kernel/randomize_va_space
To change the value permanently, add the setting to /etc/sysctl.conf, for example:
kernel.randomize_va_space = value
and run the sysctl -p command.
If you change the value of randomize_va_space, you should test your
application stack to ensure that it is compatible with the new
setting.
If necessary, you can disable ASLR for a specific program and its child processes by using the following command:
% setarch `uname -m` -R program [args ...]
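The following script is an added example, not part of the original documentation. It checks the three places this page says affect ASLR: the runtime value, the persistent setting in /etc/sysctl.conf, and the norandmaps boot parameter. The function names are hypothetical, and it assumes the persistent setting lives only in the sysctl file passed as an argument.

```shell
# Added example: audit the ASLR settings described on this page.
# Function names are hypothetical; file paths are arguments so the same
# checks run against the live system or against constructed sample files.

# Map a randomize_va_space value to its meaning from the list above.
aslr_describe() {
    case "$1" in
        0) echo "disabled" ;;
        1) echo "partial" ;;   # stack, VDSO page, shared memory
        2) echo "full" ;;      # also the data segment (default)
        *) echo "unknown" ;;
    esac
}

# Print the last kernel.randomize_va_space value in a sysctl file
# (commented-out lines do not match); print nothing if the key is absent.
aslr_persistent_value() {
    sed -n 's/^[[:space:]]*kernel\.randomize_va_space[[:space:]]*=[[:space:]]*\([0-9][0-9]*\)[[:space:]]*$/\1/p' "$1" 2>/dev/null | tail -n 1
}

# Succeed if the kernel command line contains the norandmaps parameter.
aslr_boot_disabled() {
    tr ' ' '\n' 2>/dev/null < "$1" | grep -qx 'norandmaps'
}

# aslr_audit RUNTIME_FILE SYSCTL_FILE CMDLINE_FILE
# Prints one line per finding; returns 0 only if nothing weakens ASLR.
aslr_audit() {
    runtime=$(cat "$1" 2>/dev/null) || runtime=""
    persistent=$(aslr_persistent_value "$2")
    rc=0
    echo "runtime: ${runtime:-unreadable} ($(aslr_describe "$runtime"))"
    [ "$runtime" = "2" ] || rc=1
    if [ -n "$persistent" ]; then
        echo "persistent: $persistent ($(aslr_describe "$persistent"))"
        [ "$persistent" = "2" ] || rc=1
    else
        echo "persistent: not set (kernel default applies)"
    fi
    if aslr_boot_disabled "$3"; then
        echo "boot: norandmaps present, ASLR disabled at boot"
        rc=1
    fi
    return $rc
}

# On a live system:
# aslr_audit /proc/sys/kernel/randomize_va_space /etc/sysctl.conf /proc/cmdline
```

A non-zero return means at least one of the three sources leaves ASLR below the default value of 2.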