public inbox for gcc-help@gcc.gnu.org
* Stack protection mechanisms in 4.0+/4.1.2?
@ 2007-10-13 22:10 IceDane
  2007-10-15 11:14 ` Andrew Haley
From: IceDane @ 2007-10-13 22:10 UTC (permalink / raw)
  To: gcc-help

Hey there.

A course in my school involves exploitation of various vulnerabilities, 
such as buffer overflows and format string vulnerabilities and so on.

I'm currently running Kubuntu, latest version, which comes with gcc 4.1.2 
stock. If I compile a vulnerable program (a simple strcpy of argv[1] to a 
small buffer) and then attempt to execute an exploit, no matter what I 
do, it fails.

I realize that the Ubuntu gcc 4.1.2 compiles with -fstack-protector 
by default; however, even if I use -fno-stack-protector, the problem 
still persists.

All kernels since 2.6 also come with virtual address space randomization 
as default, and I've disabled that.

Anyway, I found something that said if you installed gcc 3.3, you'd be 
fine. I tried that, and voilà, the exploit executes accordingly.

Now I ask: what is it, other than the -fstack-protector flag, that 
can disable buffer overflow exploits like that in gcc?

P.S. I just installed Ubuntu to see if the problem persisted here; I 
was using Slackware 12.0 just yesterday, with the same version of GCC, and I 
had the exact same problem.

All help greatly appreciated.
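The program IceDane describes is a strcpy() of argv[1] into a small fixed-size buffer. The stack protector only detects such an overflow after it has happened (and aborts the process); the durable fix is to bound the copy so the overflow cannot occur at all. The following is an added example, not code from the thread: the unsafe pattern is kept only as a comment, and copy_arg() is a hypothetical helper that rejects an argument that does not fit rather than truncating it silently.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16

/* The pattern from the original post (shown for contrast, not compiled):
 *
 *     char buf[BUF_SIZE];
 *     strcpy(buf, argv[1]);   // writes past buf when strlen(argv[1]) >= BUF_SIZE
 *
 * -fstack-protector places a canary after buf and aborts when the canary is
 * clobbered at function return; it does not prevent the write itself. */

/* Hypothetical bounded copy: copies src into dst only if it fits, including
 * the NUL terminator. Returns 0 on success, -1 if the input is rejected.
 * On rejection dst is left as an empty string so callers never see garbage. */
int copy_arg(char *dst, size_t dstsize, const char *src)
{
    if (dst == NULL || src == NULL || dstsize == 0)
        return -1;

    /* memchr never reads more than dstsize bytes of src, so an unterminated
     * or over-long argument cannot cause an over-read here either. */
    const char *end = memchr(src, '\0', dstsize);
    if (end == NULL) {
        dst[0] = '\0';
        return -1;                      /* src needs >= dstsize bytes: reject */
    }

    size_t n = (size_t)(end - src);     /* length without the terminator */
    memcpy(dst, src, n + 1);            /* n + 1 <= dstsize, terminator included */
    return 0;
}

int main(int argc, char **argv)
{
    char buf[BUF_SIZE];

    if (argc < 2) {
        fprintf(stderr, "usage: %s <string>\n", argv[0]);
        return 2;
    }
    if (copy_arg(buf, sizeof buf, argv[1]) != 0) {
        fprintf(stderr, "argument too long (max %d bytes)\n", BUF_SIZE - 1);
        return 1;
    }
    printf("copied: %s\n", buf);
    return 0;
}
```

Rejecting over-long input instead of truncating keeps the decision visible to the caller; a strncpy()-style truncation would compile without warnings but can drop a terminator or silently change the data, which is its own class of bug.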


* Re: Stack protection mechanisms in 4.0+/4.1.2?
  2007-10-13 22:10 Stack protection mechanisms in 4.0+/4.1.2? IceDane
@ 2007-10-15 11:14 ` Andrew Haley
From: Andrew Haley @ 2007-10-15 11:14 UTC (permalink / raw)
  To: IceDane; +Cc: gcc-help

IceDane writes:
 > Hey there.
 > 
 > A course in my school involves exploitation of various vulnerabilities, 
 > such as buffer overflows and format string vulnerabilities and so on.
 > 
 > I'm currently running Kubuntu, latest version, which comes with gcc 4.1.2 
 > stock. If I compile a vulnerable program (a simple strcpy of argv[1] to a 
 > small buffer) and then attempt to execute an exploit, no matter what I 
 > do, it fails.
 > 
 > I realize that the Ubuntu gcc 4.1.2 compiles with -fstack-protector 
 > by default; however, even if I use -fno-stack-protector, the problem 
 > still persists.
 > 
 > All kernels since 2.6 also come with virtual address space randomization 
 > as default, and I've disabled that.
 > 
 > Anyway, I found something that said if you installed gcc 3.3, you'd be 
 > fine. I tried that, and voilà, the exploit executes accordingly.
 > 
 > Now I ask: what is it, other than the -fstack-protector flag, that 
 > can disable buffer overflow exploits like that in gcc?

I suspect that the stack layout has changed, and so your exploit no
longer works.  What happened when you single-stepped through the
exploit injection in gdb?

Andrew.
