On Mon, Aug 7, 2017 at 12:12 PM, Kees Cook <keescook@google.com> wrote:

On Mon, Aug 7, 2017 at 12:05 PM, Kostya Serebryany <kcc@google.com> wrote:
>
>
> On Mon, Aug 7, 2017 at 11:59 AM, Kees Cook <keescook@google.com> wrote:
>>
>> On Mon, Aug 7, 2017 at 11:56 AM, Kostya Serebryany <kcc@google.com> wrote:
>> > Is it possible to implement some userspace<=>kernel interface that will
>> > allow applications (sanitizers)
>> > to request *fixed* address ranges from the kernel at startup (so that
>> > the
>> > kernel couldn't refuse)?
>>
>> Wouldn't building non-PIE accomplish this?
>
>
> Well, many asan users do need PIE.
> Then, non-PIE only applies to the main executable, all DSOs are still
> PIC and the old change that moved DSOs from 0x7fff to 0x5555 caused us quite
> a bit of trouble too, even w/o PIE

Hm? You can build non-PIE executables leaving all the DSOs PIC.

Yes, but this won't help if the users actually want PIE executables.

If what you want is to entirely disable userspace ASLR under *San, you
can just set the ADDR_NO_RANDOMIZE personality flag.

Mmm. How? Could you please elaborate?

Do you suggest to call personality(ADDR_NO_RANDOMIZE) and re-execute the process?

Or can I somehow set ADDR_NO_RANDOMIZE at link time?

-Kees

--
Kees Cook
Pixel Security