Run code in a process stack on recent Linux

I want to use ptrace to write a piece of binary code onto the stack of a running process. However, this causes a segmentation fault (signal 11).

I can make sure that the %eip register contains a pointer to the first instruction that I want to execute on the stack. I assume that there is some kind of mechanism by which Linux prevents data on the stack from being executable.

So, does anyone know how to disable such protection for the stack? In particular, I'm using Fedora 15.

Thanks a lot!


After reading all the answers, I tried execstack, which does make the code on the stack executable. Thanks everyone!

+4
2 answers

This is probably due to the NX bit on modern processors. You can disable this for your program using execstack.

http://advosys.ca/viewpoints/2009/07/disabling-the-nx-bit-for-specific-apps/

http://linux.die.net/man/8/execstack

+5
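What execstack toggles is the PT_GNU_STACK program header flags that the kernel loader reads at exec time. As an added example (not code from the thread), here is a small Python checker that reports whether a binary requests an executable stack; it parses a minimal, constructed ELF64 image built inside the block, so no real binary is needed.

```python
"""Report whether an ELF binary asks the loader for an executable stack.
Added example; it inspects the PT_GNU_STACK header that execstack -s/-c edits."""
import struct

PT_GNU_STACK = 0x6474E551  # program header type reserved for the stack flags
PF_X = 0x1                 # executable permission bit in p_flags


def stack_is_executable(elf: bytes) -> bool:
    """Return True if the loader would map this binary's stack executable."""
    if elf[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    is64 = elf[4] == 2                       # EI_CLASS: 1 = ELF32, 2 = ELF64
    end = "<" if elf[5] == 1 else ">"        # EI_DATA: 1 = little-endian
    if is64:
        phoff = struct.unpack_from(end + "Q", elf, 32)[0]      # e_phoff
        phentsize, phnum = struct.unpack_from(end + "HH", elf, 54)
    else:
        phoff = struct.unpack_from(end + "I", elf, 28)[0]
        phentsize, phnum = struct.unpack_from(end + "HH", elf, 42)
    for i in range(phnum):
        off = phoff + i * phentsize
        p_type = struct.unpack_from(end + "I", elf, off)[0]
        if p_type != PT_GNU_STACK:
            continue
        # p_flags sits at +4 in an ELF64 phdr and at +24 in an ELF32 phdr
        p_flags = struct.unpack_from(end + "I", elf, off + (4 if is64 else 24))[0]
        return bool(p_flags & PF_X)
    # No PT_GNU_STACK at all: the x86 loader traditionally falls back to an
    # executable stack, which is why execstack -q prints '?' for such files
    return True


def make_elf64(stack_flags: int) -> bytes:
    """Constructed test input: a minimal (non-runnable) x86-64 ELF image whose
    only program header is PT_GNU_STACK with the given p_flags."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)      # ELF64, LE, version 1
    ehdr = ident + struct.pack("<HHIQQQIHHHHHH",
                               2, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_GNU_STACK, stack_flags, 0, 0, 0, 0, 0, 16)
    return ehdr + phdr


if __name__ == "__main__":
    print("RW  stack ->", stack_is_executable(make_elf64(0x6)))   # False
    print("RWX stack ->", stack_is_executable(make_elf64(0x7)))   # True
```

To audit real binaries, pass `open(path, "rb").read()` to `stack_is_executable`; a True result is what execstack -s produces and what you would want to flag in a build pipeline.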

As already mentioned, this is due to the NX bit. But it is possible. I know for sure that gcc itself uses it for trampolines (which are a workaround for creating, for example, pointers to nested functions). I did not look at the details, but I would recommend looking at the gcc code. Search the sources for the architecture-specific macro TARGET_ASM_TRAMPOLINE_TEMPLATE; there you should see how they do it.

EDIT: A quick google for this macro gave me a hint: mprotect is used to change the permissions on a memory page. Also, be careful when you create data and then execute it - you may additionally need to flush the instruction cache.

+1
