Stack execution protection and randomization on Ubuntu

As part of a course assignment, I need to write exploit code to cause a buffer overflow and execute code that is present on the stack.

I disabled stack randomization with the following command:

sysctl -w kernel.randomize_va_space=0

However, I cannot find a way to disable stack execution protection. I'm not sure whether there is any stack exec protection in Ubuntu or not... so my first question is: is there something like Red Hat's exec-shield in Ubuntu 8.10, and if there is, how can we disable it?

I try to cause a buffer overflow and execute an instruction from the stack, but whenever I try to do this, it gives me a segmentation fault.

I have Ubuntu 8.10 64-bit; HOWEVER, the program I'm debugging is compiled on an i386 machine with stack protection disabled.

+5
2 answers

You probably want to compile with the -z execstack flag in your GCC compilation, along with -fno-stack-protector (to disable GCC's SSP/ProPolice stack protection), i.e.:

gcc -fno-stack-protector -z execstack -o vuln vuln.c

After that, everything should work. Note that sysctl -w kernel.randomize_va_space=0 is just address space randomization, not stack protection per se; which may be brute-forced using various methods.

+5

These programs can often be exploited without executable stacks. If the victim is compiled without an executable stack, consider return-oriented programming as an exploit method.

http://en.wikipedia.org/wiki/Return-oriented_programming

0
