Is there any way to bypass SSP (StackSmashing Protection)/Propolice?


Question

After some research I haven't found any paper describing a method to do this (not even an unreliable one). It seems that SSP (StackSmashing Protection)/Propolice

Answer

Canaries are a very good security measure for protecting against some buffer overflows. Over the years various canary implementations have been broken and then made more secure. What is important is that, even despite advanced memory protection, buffer overflows are still being exploited on Vista, Windows 7 and Fedora 11...

One very important thing to mention is that canaries only protect the function's call frame (which includes the mighty EIP!). A buffer overflow can happen in another segment of memory such as the heap, and a canary would have no effect. Furthermore, an application can be hacked using a buffer overflow without ever having to overwrite an EIP. Controlling the EIP is a very straightforward and easy method to turn a buffer overflow into a killer exploit, and that is why it is the most common method of exploitation.

These exploitation methods, as well as others, are gone over in great detail in Exploiting Software: How to Break Code.
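The answer's two points (a canary guards only the return address region of a stack frame, and an overflow can be useful without ever touching EIP) can be shown in a few lines. The following C program is an added example written for this page, not code from the question or answer. The `struct session` record, its `is_admin` field and the `login_*` functions are hypothetical: a fixed-size name buffer is followed in memory by a privilege flag, the record lives on the heap, and an unchecked copy writes past the buffer into the flag. No stack canary is ever touched, so SSP has nothing to check; the hardened variant simply refuses input that does not fit.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical record (constructed for this example). name[] is 16 bytes and
   4-byte aligned, so is_admin starts at offset 16 with no padding between. */
struct session {
    char name[16];
    int  is_admin;   /* the overflow target; nothing to do with the canary */
};

/* Unbounded byte copy, kept out of line so the compiler cannot see the
   destination size and fold or fortify the bug away. GCC/Clang attribute. */
__attribute__((noinline))
static void copy_unchecked(char *dst, const char *src, size_t n)
{
    for (size_t i = 0; i < n; i++)
        dst[i] = src[i];
}

/* Vulnerable: trusts the caller-supplied length. The record is heap memory,
   so the stack canary (if any) is never touched and never checked. */
int login_vulnerable(const char *name, size_t len)
{
    struct session *s = calloc(1, sizeof *s);   /* is_admin starts at 0 */
    if (!s) return -1;
    copy_unchecked(s->name, name, len);         /* len may exceed 16 */
    int admin = s->is_admin;                    /* read back what the copy left */
    free(s);
    return admin;
}

/* Hardened: reject anything that does not fit with room for the NUL. */
int login_hardened(const char *name, size_t len)
{
    struct session *s = calloc(1, sizeof *s);
    if (!s) return -1;
    if (len >= sizeof s->name) { free(s); return -2; }   /* too long: refuse */
    memcpy(s->name, name, len);
    int admin = s->is_admin;
    free(s);
    return admin;
}

/* Constructed attacker input: 16 filler bytes, then 4 bytes of 0x01 that land
   on is_admin. 0x01010101 is nonzero on either endianness. */
static void build_payload(char *buf, size_t n)
{
    memset(buf, 'A', 16);
    for (size_t i = 16; i < n; i++)
        buf[i] = 1;
}

/* Returns the is_admin value the vulnerable path ends up with (nonzero). */
int demo_vulnerable(void)
{
    char payload[20];
    build_payload(payload, sizeof payload);
    return login_vulnerable(payload, sizeof payload);
}

/* Returns the hardened path's result for the same payload (-2: rejected). */
int demo_hardened(void)
{
    char payload[20];
    build_payload(payload, sizeof payload);
    return login_hardened(payload, sizeof payload);
}

int main(void)
{
    printf("vulnerable login: is_admin = %d\n", demo_vulnerable());
    printf("hardened login:   result   = %d\n", demo_hardened());
    printf("short name, vulnerable: is_admin = %d\n", login_vulnerable("bob", 3));
    return 0;
}
```

Build it with `gcc -fstack-protector-all` and the vulnerable path still reports a nonzero `is_admin`: the canary sits between the locals and the saved return address of a stack frame, and this write never goes near either. The same holds if `struct session` were a stack local, because ProPolice reorders whole local variables (arrays above scalars) but does not reorder fields inside a struct, so an overflow from `name[]` into `is_admin` stays below the canary. The fix is the bounds check, not a stronger canary.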
