Get a development shell with no ASLR

Context, and problem

Contributing to a project that uses nix (flakes), I use nix develop to get a shell where all the dependencies and tools are available to work on the project.

However, now, to debug the binary I am working on, I am trying to get a nix shell where ASLR is disabled.

(Analogously, on a project that has shell.nix and uses nix-shell, I would like to be able to do the same.)

Unsatisfactory solution

On other Linux distros, I would use setarch "$(uname -m)" -R $(which bash) to get such a shell.

Right now, I can use that command before typing nix develop, and it works, but I am looking for a more nix-y solution…

Question(s)

How could I modify the flake.nix, or shell.nix for the shell to have ASLR disabled?

Could shellHook be leveraged to do that? (using directly the setarch... command aforementioned with stdenv.shell, or pkgs.bash gives me a broken shell - example below).

# shell.nix
with import <nixpkgs> { };

stdenv.mkDerivation rec {
  name = "test";
  shellHook = ''
    setarch $(uname -m) -R ${stdenv.shell}
  '';
}

I’m not really sure what ASLR is or does, but

# shell.nix
with import <nixpkgs> { };

stdenv.mkDerivation rec {
  name = "test";
  shellHook = ''
    exec setarch $(uname -m) -R
  '';
}

fixed the broken shell for me (and an issue where I had to exit twice from the shell to get out)

Also, I’m not very familiar with using nix-shell at all, or what mkShell does, but should it be this instead?

# shell.nix
with import <nixpkgs> { };

mkShell {
  shellHook = ''
    exec setarch $(uname -m) -R
  '';
}

Actually, simply using:

# shell.nix
with import <nixpkgs> { };

stdenv.mkDerivation rec {
  name = "test";
  shellHook = ''
    setarch $(uname -m) -R
  '';
}

Also fixes the broken shell (still have to exit twice), and I get a bash shell, which is nice.
However, this is pretty mysterious because man setarch explicitly says:

The default program is /bin/sh.

I wonder what’s happening here :thinking:

I don’t know if pkgs.mkShell can be used in lieu of stdenv.mkDerivation in a flake.nix;
I just tried, and it seems to be working, but I am not 100% certain it is not messing anything under the hood…
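
A way to check which of the shells discussed above really has ASLR off, as an added example that is not part of the original thread: setarch -R sets the ADDR_NO_RANDOMIZE personality flag, which Linux exposes as hex in /proc/self/personality. The helper names aslr_state and aslr_self are made up for this example.

```sh
#!/bin/sh
# Added example: report whether address-space randomization is off for this shell.
# ADDR_NO_RANDOMIZE is the personality flag from <linux/personality.h> that
# `setarch -R` sets; processes started from the shell inherit it.
ADDR_NO_RANDOMIZE=$((0x0040000))

# aslr_state PERSONALITY_HEX RANDOMIZE_VA_SPACE  (hypothetical helper name)
# Prints: off-personality | off-sysctl | on | unknown
aslr_state() {
    case $1 in
        '' | *[!0-9a-fA-F]*) echo unknown; return 0 ;;
    esac
    # Bitmask test, not equality: other personality bits may be set as well.
    if [ $(( 0x$1 & $ADDR_NO_RANDOMIZE )) -ne 0 ]; then
        echo off-personality      # per-process: what setarch -R gives you
    elif [ "$2" = 0 ]; then
        echo off-sysctl           # system-wide: kernel.randomize_va_space=0
    else
        echo on
    fi
}

# aslr_self: the same decision for the running shell, read from /proc.
aslr_self() {
    p='' v=''
    if [ -r /proc/self/personality ]; then
        read -r p < /proc/self/personality || true
    fi
    if [ -r /proc/sys/kernel/randomize_va_space ]; then
        read -r v < /proc/sys/kernel/randomize_va_space || true
    fi
    aslr_state "$p" "$v"
}

echo "ASLR for this shell: $(aslr_self)"
```

Run it inside the shell you end up in: off-personality means the setarch -R flag reached that shell, while on means you are still in a shell that was started without it.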

Maybe you can convince your shell to do an arch_prctl syscall somehow :slight_smile:
In my current project we inject system calls into other processes via ptrace: vmsh/inject_syscall.rs at 3153a6dab957151d3ecef8454c9a2c7e3f61d4f6 · Mic92/vmsh · GitHub