I know the `ulimit -s unlimited` trick (it fixes libc's address), but I don't understand the facts behind it. Can someone help me explain it? Thanks.

Accepted answer
According to the bash man page:

    ulimit provides control over the resources available to the shell and to processes started by it, on systems that allow such control.

The -s flag defines the maximum stack size. So `ulimit -s unlimited` removes the maximum limit on the stack size, which enables the legacy mmap function.
According to Hexcellent:

    On 32 bit systems "ulimit -s unlimited" disables the randomization of the mmap()-ing because of the following code in the kernel at arch/x86/mm/mmap.c:
    static int mmap_is_legacy(void)
    {
            /* process asked for the compat layout via personality(2) */
            if (current->personality & ADDR_COMPAT_LAYOUT)
                    return 1;
            /* unlimited stack rlimit: fall back to the legacy layout */
            if (rlimit(RLIMIT_STACK) == RLIM_INFINITY)
                    return 1;
            /* otherwise the vm.legacy_va_layout sysctl decides */
            return sysctl_legacy_va_layout;
    }
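As an added check (example code written here, not from the kernel or the answer above), the following Python restates the three tests of the quoted mmap_is_legacy() as a pure function and evaluates them for the running process, so an operator can see whether an unlimited stack limit, the ADDR_COMPAT_LAYOUT persona flag (value from <linux/personality.h>) or the vm.legacy_va_layout sysctl would select the legacy layout. It assumes Linux and that the kernel in use still applies the stack-limit test as in the quoted code; newer kernels may differ, which the script does not verify.

```python
"""Predict whether a process would get the kernel's legacy mmap layout.

Added example mirroring the quoted mmap_is_legacy(); not kernel code and
not from the Stack Overflow answer. Assumes the quoted logic still applies.
"""
import ctypes
import resource

ADDR_COMPAT_LAYOUT = 0x0200000              # personality flag from <linux/personality.h>
STACK_UNLIMITED = resource.RLIM_INFINITY    # what 'ulimit -s unlimited' sets
LEGACY_VA_SYSCTL = "/proc/sys/vm/legacy_va_layout"


def mmap_is_legacy(personality: int, rlim_stack_cur: int, sysctl_legacy: int) -> bool:
    """Pure restatement of the three checks in the quoted kernel function."""
    if personality & ADDR_COMPAT_LAYOUT:
        return True
    if rlim_stack_cur == STACK_UNLIMITED:      # the 'ulimit -s unlimited' case
        return True
    return bool(sysctl_legacy)


def current_personality() -> int:
    """Read this process's persona; personality(0xffffffff) queries without changing it."""
    try:
        libc = ctypes.CDLL(None, use_errno=True)
        return libc.personality(0xFFFFFFFF) & 0xFFFFFFFF
    except (OSError, AttributeError):
        return 0                               # no personality(2) here: assume default


def read_sysctl_legacy() -> int:
    """Read vm.legacy_va_layout; absent sysctl is treated as the default 0."""
    try:
        with open(LEGACY_VA_SYSCTL) as f:
            return int(f.read().strip() or 0)
    except (OSError, ValueError):
        return 0


def check_self() -> dict:
    """Collect the three inputs for the running process and evaluate them."""
    soft, _hard = resource.getrlimit(resource.RLIMIT_STACK)
    pers = current_personality()
    sysctl = read_sysctl_legacy()
    return {
        "personality_compat": bool(pers & ADDR_COMPAT_LAYOUT),
        "stack_unlimited": soft == STACK_UNLIMITED,
        "sysctl_legacy_va_layout": sysctl,
        "legacy_layout": mmap_is_legacy(pers, soft, sysctl),
    }


if __name__ == "__main__":
    for key, value in check_self().items():
        print(f"{key}: {value}")
```

Run it once normally and once after `ulimit -s unlimited` in the same shell to see the stack_unlimited and legacy_layout fields flip.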
Source: Stack Overflow, "linux - Why can 'ulimit -s unlimited' defeat ASLR on overflows?": https://stackoverflow.com/questions/17630745/