Isn't a segmentation fault the same as smashing the stack?


Question


As a consequence of a programming error we get segmentation faults. But as a necessary tool we try the same thing, but the kernel detects it as smashing the stack. How exactly does the kernel see the difference?

Answer


Briefly, no. Segmentation faults are when the kernel is able to detect an invalid memory access and then kills the process. Some invalid memory accesses cannot be detected by the kernel, and stack overflows are built on these. However, stack overflows can be detected by the compiler and are in recent versions of gcc (4.1+), which have built-in protection against stack smashing attacks. Basically, a "canary" value is placed on the stack between stack frames. There are checks to make sure the canary still has the correct value; if it doesn't (because it was overwritten and the overwriter couldn't guess the correct value) then the stack smashing protection routines execute. For more information, see: http://en.wikipedia.org/wiki/Buffer_overflow_protection#GCC_Stack-Smashing_Protector_.28ProPolice.29 and http://wiki.osdev.org/GCC_Stack_Smashing_Protector


You can disable the gcc protection with "-fno-stack-protector"; for more on this, see: Stack smashing code not working on Linux kernel 2.6.38.7... Please help


Conversely, a segmentation fault is just an invalid memory access that happens anywhere in the program, meaning the kernel detects access to memory that is not in the program's allowed memory region. AFAIK this is checked using a combination of x86 segments and virtual memory. There's no real way for the kernel/OS to know whether an access was in the original program code or the code was exploited somehow; either way, the program is attempting to access memory it cannot and so it is forcibly terminated.
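The two detection points the answer describes, side by side, as an added example that is not part of the original answer: `canary_survives` models in plain C what the compiler's `-fstack-protector` prologue/epilogue does (plant a canary word above the buffer, re-check it after an unbounded copy), while `kernel_catches_access` touches a page the process has mapped with no permissions, so nothing in the compiled code notices the access and the kernel delivers SIGSEGV instead. The frame layout, `BUF_SIZE`, the secret value and the function names are constructed for this illustration; the real gcc layout is compiler- and ABI-specific.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <string.h>
#include <sys/mman.h>

/* Constructed frame model: a 16-byte buffer with the canary word right above it. */
#define BUF_SIZE 16
#define FRAME_SIZE (BUF_SIZE + sizeof(uintptr_t))

/* Emulates what -fstack-protector wraps around a function: store the canary in the
   prologue, copy into the buffer unchecked, compare in the epilogue. Returns 1 if the
   canary is intact, 0 if it was overwritten (real code calls __stack_chk_fail() and
   aborts with "stack smashing detected"). The kernel never sees any of this. */
int canary_survives(const unsigned char *input, size_t len, uintptr_t secret)
{
    unsigned char frame[FRAME_SIZE];
    uintptr_t seen;
    memcpy(frame + BUF_SIZE, &secret, sizeof secret);  /* prologue: plant canary */
    if (len > FRAME_SIZE) len = FRAME_SIZE;            /* stay inside the model frame */
    memcpy(frame, input, len);                         /* the unbounded copy */
    memcpy(&seen, frame + BUF_SIZE, sizeof seen);      /* epilogue: re-read canary */
    return seen == secret;
}

static sigjmp_buf fault_env;
static void on_segv(int sig) { (void)sig; siglongjmp(fault_env, 1); }

/* Reads one byte from a page mapped PROT_NONE. No compiler-emitted check is involved:
   the MMU traps, the kernel sends SIGSEGV, and we catch it only to report it.
   Returns 1 if SIGSEGV was delivered, 0 otherwise. */
int kernel_catches_access(void)
{
    volatile unsigned char *page = mmap(NULL, 4096, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    struct sigaction sa, old;
    int faulted = 0;
    if (page == MAP_FAILED) return 0;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_segv;
    sigaction(SIGSEGV, &sa, &old);
    if (sigsetjmp(fault_env, 1) == 0)
        (void)page[0];                /* the access the kernel rejects */
    else
        faulted = 1;
    sigaction(SIGSEGV, &old, NULL);
    munmap((void *)page, 4096);
    return faulted;
}
```

A 16-byte input leaves the modelled canary intact, a 32-byte input clobbers it, and the PROT_NONE read is the only case the kernel itself reports.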
