1

Possible Duplicate:
Stack Overflows - Defeating Canaries, ASLR, DEP, NX

is there anyway to disable ASLR in Linux kernel 2.6.32-71.el6.x86_64, with Apache privileges?? I tried this commands:

 sudo bash -c "echo 0 > /proc/sys/kernel/randomize_va_space"

but because i do not have normal user privilege, this command did not work. Someone wrote exploit to get root access, but this exploit gives the following error message: "[11754: 5 (255)] tcsetattr: Invalid argument". I asked him about this and he told me to disable NX and ASLR.

I am working with centOS Lnux, Kernel 2.6.32-71.el6.x86_64, and there are many packages installed on the system like : mailman 2.1.12-14.e16, mailscanner 4.83.5-1, postfix 2.6.6-2.316.x86-64, dovecot 2.0-0.10.beta6.20100630.e16.x86-64, crontabs 1-10-32.1.e16, mysql 5.3-3

I also have a mysql account - I tried to add user to linux via mysql command line, but it did not work. Is there any way to create a linux user via mysql command line?

user1028
  • 437
  • 4
  • 8
  • 14
  • 1
    You'd need a privilege escalation to root, or file write privilege check bypass. – Polynomial Sep 23 '12 at 09:18
  • Hi @user1028, please edit your question to include all the information you added in all the different comments. Comments should be specific and clear, not add lots of new information - as it is, this thread is getting a bit chatty. Comments are not really for that... – AviD Sep 23 '12 at 18:39
  • If you have the `setarch` command, you may use it like this for binaries: `setarch \`arch\` -R ./binary` – Mukesh Sai Kumar Jan 11 '18 at 11:50

2 Answers2

1

No. ASLR is an important part of kernel security. Non-root users are not supposed to be able to turn off ASLR. The only way you're likely to be able to do it is to exploit a privilege escalation vulnerability to get root (as @Polynomial says), or exploit some other vulnerability in the system.

D.W.
  • 98,860
  • 33
  • 271
  • 588
  • I believe non-root users can disable ASLR on applications they run, using the `ADDR_NO_RANDOMIZE` persona with [`personality()`](http://man7.org/linux/man-pages/man2/personality.2.html). – forest Dec 16 '17 at 04:03
-4

This may work depending on the system:

ulimit -s unlimited
Zzz
  • 766
  • 5
  • 9