How to turn off gcc compiler optimization to enable buffer overflow

Question

I'm working on a homework problem (http://stackoverflow.com/questions/2333909/c-how-can-i-invoke-buffer-overflow-hw-problem-not-hacking) that requires disabling compiler optimization protection for it to work. I'm using gcc 4.4.1 on Ubuntu Linux, but can't figure out which flags are the right ones. I realize it's architecture dependent - my machine runs w/ 32-bit Intel processor.

Thanks.

Recommended answer

That's a good problem. In order to solve that problem you will also have to disable ASLR, otherwise the address of g() will be unpredictable.

Disable ASLR:

sudo bash -c 'echo 0 > /proc/sys/kernel/randomize_va_space'

Disable canaries:

gcc overflow.c -o overflow -fno-stack-protector

After canaries and ASLR are disabled it should be a straightforward attack like the ones described in Smashing the Stack for Fun and Profit.

Here is a list of security features used in Ubuntu: https://wiki.ubuntu.com/Security/Features

You don't have to worry about NX bits, the address of g() will always be in an executable region of memory because it is within the TEXT memory segment. NX bits only come into play if you are trying to execute shellcode on the stack or heap, which is not required for this assignment.

Now go and clobber that EIP.
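
A way to check the state of the two settings this answer changes, and to confirm they are back in place after the exercise. This is an added example, not part of the original answer; the function names are illustrative and the `nm` lines are constructed samples.

```shell
#!/bin/sh
# Added example: audit the two settings the answer changes.
# Function names are illustrative; the nm lines below are constructed samples.

# Map a kernel.randomize_va_space value to a description.
aslr_state() {
    case "$1" in
        0) echo "disabled" ;;  # no randomization (the lab setting)
        1) echo "partial" ;;   # stack, mmap base and vDSO randomized
        2) echo "full" ;;      # as 1, plus the brk heap
        *) echo "unknown" ;;
    esac
}

# Read the ASLR setting from a file (default: the live kernel value).
read_aslr() {
    f="${1:-/proc/sys/kernel/randomize_va_space}"
    [ -r "$f" ] || { echo "unknown"; return 1; }
    aslr_state "$(tr -d '[:space:]' < "$f")"
}

# Classify `nm -D` output on stdin: a binary in which gcc instrumented at
# least one function references __stack_chk_fail; a build made with
# -fno-stack-protector does not.
canary_state() {
    if grep -q '__stack_chk_fail'; then echo "protected"; else echo "unprotected"; fi
}

# Audit a dynamically linked binary; "unknown" if nm cannot read it.
audit_binary() {
    syms=$(nm -D "$1" 2>/dev/null) || { echo "unknown"; return 1; }
    printf '%s\n' "$syms" | canary_state
}

# Constructed nm -D excerpts: a protected build and an unprotected one.
SAMPLE_PROTECTED='         U __stack_chk_fail@GLIBC_2.4
         U puts@GLIBC_2.0'
SAMPLE_UNPROTECTED='         U puts@GLIBC_2.0'

echo "ASLR (live):        $(read_aslr)"
echo "sample, protected:  $(printf '%s\n' "$SAMPLE_PROTECTED" | canary_state)"
echo "sample, no canary:  $(printf '%s\n' "$SAMPLE_UNPROTECTED" | canary_state)"
if [ -n "${1:-}" ]; then
    echo "binary $1: $(audit_binary "$1")"
fi
```

Writing to /proc does not persist across a reboot; to restore full randomization immediately, run `sudo sysctl -w kernel.randomize_va_space=2`.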
