Linux – Can entropy consumption at program start be prevented

Tags: kernel, linux, security

I use Knoppix (or other Live CDs/DVDs) as a secure environment for creating valuable crypto keys. Unfortunately entropy is a limited resource in such environments. I just noticed that each program start consumes quite some entropy. This seems to be due to some stack protection feature that needs address randomization.

Nice feature but completely useless and – worse – destructive in my scenario. Is there any possibility to disable this feature? I would prefer one that allows me to continue using the original Knoppix (or whatever) image and just need some configuration at runtime.

I read that this was caused by glibc. I am surprised that an strace -p $PID -f -e trace=open against bash does not show any accesses to /dev/random when I start programs. But I am not familiar with the interaction of execve() and the linker.

Best Answer

If this is indeed due to address randomization (ASLR has to do with where the program is loaded, see here: http://en.wikipedia.org/wiki/Address_space_layout_randomization) then you can disable it by passing norandmaps to the kernel in the boot options (see here: http://www.linuxtopia.org/online_books/linux_kernel/kernel_configuration/re30.html).
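As an added example (not part of the original question or answer), the following POSIX shell script inspects the two kernel knobs this thread turns on: the `kernel.randomize_va_space` sysctl, which is the runtime view of what the `norandmaps` boot option sets, and `entropy_avail`, the kernel's estimate of the entropy left in its pool, measured before and after starting a program. Both `/proc` files exist only on Linux; the helpers return `unknown` elsewhere.

```shell
#!/bin/sh
# Added example, not from the original post. Reads the ASLR sysctl that the
# norandmaps boot option controls and measures the drop in entropy_avail
# caused by launching a program, as the questioner observed.

ASLR_SYSCTL=/proc/sys/kernel/randomize_va_space
ENTROPY_FILE=/proc/sys/kernel/entropy_avail

read_knob() {
    # Print the single integer stored in a /proc file, or "unknown" if absent.
    if [ -r "$1" ]; then
        cat "$1"
    else
        echo unknown
    fi
}

aslr_mode() { read_knob "$ASLR_SYSCTL"; }
entropy_avail() { read_knob "$ENTROPY_FILE"; }

describe_aslr() {
    # Meaning of randomize_va_space values as documented by the kernel.
    case "$(aslr_mode)" in
        0) echo "ASLR disabled (same state as booting with norandmaps)";;
        1) echo "ASLR on for stack, mmap base, VDSO and shared libraries";;
        2) echo "ASLR on, additionally randomizing the brk heap base";;
        *) echo "ASLR state unknown (no $ASLR_SYSCTL on this system)";;
    esac
}

entropy_cost_of() {
    # Run a command and report how far entropy_avail fell while it started.
    before=$(entropy_avail)
    "$@" >/dev/null 2>&1
    after=$(entropy_avail)
    case "$before$after" in
        *unknown*) echo unknown;;
        *) echo $((before - after));;
    esac
}

describe_aslr
echo "entropy_avail drop from starting /bin/true: $(entropy_cost_of /bin/true)"
```

On recent kernels `entropy_avail` is a coarse estimate and may not move at all for a single exec, so run the measurement a few times before drawing conclusions.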