| Summary: | glibc is not using ASLR | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Chunyu Hu <chuhu> |
| Component: | glibc | Assignee: | Carlos O'Donell <codonell> |
| Status: | CLOSED NOTABUG | QA Contact: | qe-baseos-tools-bugs |
| Severity: | medium | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 6.8 | CC: | ashankar, chuhu, fweimer, mnewsome, pfrankli |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2016-03-24 14:06:43 UTC | Type: | Bug |
The addresses look like prelink is enabled during your test. Please disable it and try again.

prelink defaults changed between Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.

(In reply to Florian Weimer from comment #1)
> The addresses look like prelink is enabled during your test. Please disable
> it and try again.
>
> prelink defaults changed between Red Hat Enterprise Linux 6 and Red Hat
> Enterprise Linux 7.

How should I disable prelink? Can you provide a simple step? Thanks.

Please see this solution: https://access.redhat.com/solutions/93743

(In reply to Florian Weimer from comment #3)
> Please see this solution: https://access.redhat.com/solutions/93743

Thanks for the info, although I can't open it. After disabling prelink, the address is randomized. So this is just a configuration issue, which cost the two of us much time to reproduce / debug. How funny it is. Thanks so much. Is there anything more we can do for this? If not, please feel free to close this.

```
[root@amd-dinar-01 ~]# for i in $(seq 1 10);do cat /proc/self/maps | grep "r-xp.*libc" 2>&1| awk -F " " '{print $1}';done
7f6e2dc92000-7f6e2de1c000
7f93198fd000-7f9319a87000
7f5c7d952000-7f5c7dadc000
7f9ea8f9d000-7f9ea9127000
7f780da10000-7f780db9a000
7f302015b000-7f30202e5000
7fcc26204000-7fcc2638e000
7ffbd801b000-7ffbd81a5000
7f2b11e0a000-7f2b11f94000
7ff80b7e7000-7ff80b971000
```

(In reply to Chunyu Hu from comment #5)
> (In reply to Florian Weimer from comment #3)
> > Please see this solution: https://access.redhat.com/solutions/93743
>
> Thanks for the info, although I can't open it. After disabling prelink,
> the address is randomized. So this is just a configuration issue, which
> cost the two of us much time to reproduce / debug. How funny it is.
> Thanks so much. Is there anything more we can do for this? If not, please
> feel free to close this.

Thanks for confirming it's prelink. This is expected for Red Hat Enterprise Linux 6, so I'm closing this bug.
Description of problem:

Stack and vdso are implementing ASLR. But on RHEL-6.8-20160315.0, ASLR is not working for the load address of libc. After comparing with the output on RHEL7.2, I find that when loading the libc r-xp segment, a fixed addr is given to sys_mmap. So this looks like an issue. Here I file a bz to track this issue; even if I'm wrong, we can close it. And I hope I am right to file the bz against glibc.

Version-Release number of selected component (if applicable):

How reproducible: 100%

Steps to Reproduce:

On an Intel cpu box:

```
[root@ibm-x3650m4-06 ~]# hostname
ibm-x3650m4-06.rhts.eng.pek2.redhat.com
[root@ibm-x3650m4-06 ~]# for i in $(seq 1 10);do cat /proc/self/maps | grep "r-xp.*libc" 2>&1| awk -F " " '{print $1}';done
3a57c00000-3a57d8a000
3a57c00000-3a57d8a000
3a57c00000-3a57d8a000
3a57c00000-3a57d8a000
3a57c00000-3a57d8a000
3a57c00000-3a57d8a000
3a57c00000-3a57d8a000
3a57c00000-3a57d8a000
3a57c00000-3a57d8a000
3a57c00000-3a57d8a000
```

----------------------------------

Amd family21:

```
[root@amd-dinar-01 ~]# hostname
amd-dinar-01.lab.bos.redhat.com
[root@amd-dinar-01 ~]# for i in $(seq 1 10);do cat /proc/self/maps | grep "r-xp.*libc" 2>&1| awk -F " " '{print $1}';done
333e000000-333e18a000
333e000000-333e18a000
333e000000-333e18a000
333e000000-333e18a000
333e000000-333e18a000
333e000000-333e18a000
333e000000-333e18a000
333e000000-333e18a000
333e000000-333e18a000
333e000000-333e18a000
```

```
[root@ibm-x3650m4-06 ~]# uname -r
2.6.32-627.el6.x86_64
[root@ibm-x3650m4-06 ~]# rpm -q glibc
glibc-2.12-1.192.el6.x86_64
```

Actual results: glibc address is not randomized but fixed.

Expected results: it should be randomized.

Additional info: Bug1240883

Executed the stap below on the AMD box above; I can find that 220083519488 is always delivered to sys_mmap, and its hex value is 333e000000.

```
[root@amd-dinar-01 ~]# stap -e 'probe kernel.function("sys_mmap") { println($$vars$$)}' -c 'cat /proc/self/maps ' | grep ^addr
addr=0 len=4096 prot=3 flags=34 fd=4294967295 off=0 error=?
addr=0 len=46887 prot=1 flags=2 fd=3 off=0 error=?
addr=220083519488 len=3750184 prot=5 flags=2050 fd=3 off=0 error=?
addr=220087230464 len=24576 prot=3 flags=2066 fd=3 off=1613824 error=?
addr=220087255040 len=14632 prot=3 flags=50 fd=4294967295 off=0 error=?
addr=0 len=4096 prot=3 flags=34 fd=4294967295 off=0 error=?
addr=0 len=4096 prot=3 flags=34 fd=4294967295 off=0 error=?
addr=0 len=4096 prot=3 flags=34 fd=4294967295 off=0 error=?
addr=0 len=99164480 prot=1 flags=2 fd=3 off=0 error=?
```
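An added example, not part of the bug report: a small decoder for the `sys_mmap` arguments in the stap output above, which picks out executable, file-backed mappings requested with a non-zero address and no `MAP_FIXED` (an address hint). Reading that hint as the library's prelinked base is an interpretation consistent with the prelink diagnosis in the comments; the flag constants are the x86-64 Linux values and the function names are illustrative.

```python
import re

# x86-64 Linux constants from <sys/mman.h>
PROT = {0x1: "PROT_READ", 0x2: "PROT_WRITE", 0x4: "PROT_EXEC"}
MAP = {0x01: "MAP_SHARED", 0x02: "MAP_PRIVATE", 0x10: "MAP_FIXED",
       0x20: "MAP_ANONYMOUS", 0x800: "MAP_DENYWRITE"}
NO_FD = 0xFFFFFFFF  # fd=-1 as stap prints it (unsigned 32-bit)

# Sample input: the first five stap lines from the report, embedded for offline use.
SAMPLE = """\
addr=0 len=4096 prot=3 flags=34 fd=4294967295 off=0 error=?
addr=0 len=46887 prot=1 flags=2 fd=3 off=0 error=?
addr=220083519488 len=3750184 prot=5 flags=2050 fd=3 off=0 error=?
addr=220087230464 len=24576 prot=3 flags=2066 fd=3 off=1613824 error=?
addr=220087255040 len=14632 prot=3 flags=50 fd=4294967295 off=0 error=?
"""

def names(value, table):
    # Render a bitmask as the OR of the symbolic names it contains.
    return "|".join(n for bit, n in sorted(table.items()) if value & bit) or "0"

def decode(line):
    # Numeric key=value pairs only; "error=?" is skipped by the regex.
    f = {k: int(v) for k, v in re.findall(r"(\w+)=(\d+)", line)}
    f["prot_s"] = names(f["prot"], PROT)
    f["flags_s"] = names(f["flags"], MAP)
    return f

def hinted_exec_mappings(text):
    """Executable, file-backed mmaps asking for a specific base without MAP_FIXED."""
    hits = []
    for line in text.splitlines():
        if not line.startswith("addr="):
            continue
        m = decode(line)
        if (m["addr"] and m["fd"] != NO_FD and m["prot"] & 0x4
                and not m["flags"] & 0x10):
            hits.append((hex(m["addr"]), m["len"], m["prot_s"], m["flags_s"]))
    return hits

if __name__ == "__main__":
    for line in SAMPLE.splitlines():
        m = decode(line)
        print(f'{m["addr"]:#x} len={m["len"]} {m["prot_s"]} {m["flags_s"]}')
    print("requested base:", hinted_exec_mappings(SAMPLE))
```

The two `MAP_FIXED` calls that follow in the sample are placed relative to the first mapping, so only the first call decides where the library lands.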