
Enabling ASLR on FreeBSD

 ·  🎃 kr0m

Address Space Layout Randomization (ASLR) is a computer security technique that makes vulnerable binaries more difficult to exploit. With ASLR, a binary's stack is loaded at a random address in RAM on each execution, so a stack overflow exploit will not be reproducible on the next execution, since the payload address will have changed.

If you don’t know what I’m talking about, you can check out the following article:
Introduction to the art of exploiting on Linux-x86

Enabling this security measure on FreeBSD is as simple as changing the kern.elf32.aslr.enable and kern.elf64.aslr.enable parameters in sysctl, which enable it for 32-bit and 64-bit binaries respectively.

Check whether it is enabled; it should not be enabled by default:

sysctl kern.elf64.aslr.enable
kern.elf64.aslr.enable: 0
sysctl kern.elf32.aslr.enable
kern.elf32.aslr.enable: 0

Enable it:

sysctl kern.elf64.aslr.enable=1
kern.elf64.aslr.enable: 0 -> 1
sysctl kern.elf32.aslr.enable=1
kern.elf32.aslr.enable: 0 -> 1

To make the setting persist across reboots, we must configure it in the loader.conf file:

vi /boot/loader.conf

kern.elf64.aslr.enable=1
kern.elf32.aslr.enable=1
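
After following the steps above, it is worth confirming that both knobs are persisted and that the running kernel agrees with the file. The script below is an added example, not part of the original article; the function names (conf_value, runtime_value, aslr_audit) are hypothetical and the sample file is constructed.

```shell
#!/bin/sh
# Added example: check that both ASLR knobs are persisted in loader.conf
# and agree with the running kernel. Function names are hypothetical.

ASLR_KNOBS="kern.elf64.aslr.enable kern.elf32.aslr.enable"

# Print the effective value of knob $2 in loader.conf-style file $1.
# Comments and quotes are stripped; the last assignment wins.
conf_value() {
    sed -e 's/#.*//' "$1" | awk -F= -v k="$2" '
        { name = $1; gsub(/[ \t]/, "", name) }
        name == k { val = $2; gsub(/[ \t"]/, "", val) }
        END { print val }'
}

# Print the running value of knob $1, or nothing where the kernel does not
# expose it (for example when this is run on a non-FreeBSD host).
runtime_value() {
    sysctl -n "$1" 2>/dev/null || true
}

# Audit file $1. Prints one line per knob and returns the number of knobs
# that are not persisted as 1 or whose running value differs from the file.
aslr_audit() {
    problems=0
    for knob in $ASLR_KNOBS; do
        saved=$(conf_value "$1" "$knob")
        live=$(runtime_value "$knob")
        if [ "$saved" != "1" ]; then
            echo "$knob: not persisted (file value: '${saved}')"
            problems=$((problems + 1))
        elif [ -n "$live" ] && [ "$live" != "$saved" ]; then
            echo "$knob: persisted=1 but running=$live"
            problems=$((problems + 1))
        else
            echo "$knob: ok"
        fi
    done
    return "$problems"
}

# Constructed sample: the 32-bit knob is commented out, so only the
# 64-bit knob would survive a reboot.
sample=$(mktemp)
printf '%s\n' 'kern.elf64.aslr.enable="1"' '#kern.elf32.aslr.enable=1' > "$sample"
aslr_audit "$sample" || echo "knobs needing attention: $?"
rm -f "$sample"
```

On a real system, point it at the live file with aslr_audit /boot/loader.conf.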

Some programs do not work correctly when ASLR is enabled. To disable ASLR only for those binaries, we can run the following command:

elfctl -e +noaslr /usr/bin/wine64.bin
