Linux Buffer Overflow Environment Variables

Problem description

I have been reviewing different styles of buffer overflows and ran into a problem I cannot remember why it occurs. The code as follows is the program I am attempting to perform a buffer overflow on:

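#include <stdio.h>
#include <string.h>   /* strcpy */

void func(char *buff){
    char buffer[5];
    /* Unbounded copy into a 5-byte buffer: the overflow under discussion */
    strcpy(buffer, buff);
    printf("%s\n", buffer);
}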

int main(int argc, char *argv[]){
    func(argv[1]);
    printf("I'm done!\n");
    return 0;
}

The core concept of the program is very simple: I just overflow the buffer to overwrite the return address of func(). That all works great when I give it an address such as 0x0804850c, which happens to be the <_fini> of the program. The end result when I implement the overflow with that address is that the program quits "gracefully" without printing I'm done!. The problem I am running into now is when I attempt to redirect the return address to something, say an environment variable located at 0xbfffd89.

The shell code located in that particular environment variable should simply quit the program after saying hello. However, that does not occur; the program simply seg faults and that's it. The shell code has already been confirmed to work in the previous program I wrote to test out shell code. Anyone have any ideas why this is not working? Thx

Recommended answer

Environment variables are located in a region of memory that has read & write permission but not execute permission. I reproduced this easily as follows:

#include <stdio.h>
#include <stdlib.h>

int
main(int argc, char **argv)
{
        void (*function)(void);

        /* Treat the value of PATH as code and jump to it */
        function = (void (*)(void))getenv("PATH");
        function();
        return 0;
}

Running it in GDB, I get this:

Program received signal SIGSEGV, Segmentation fault.
0x00007fffffffeb51 in ?? ()
(gdb) 

I then looked up the address 0x00007fffffffeb51 in /proc/<pid>/maps and found this line:

7ffffffde000-7ffffffff000 rw-p 00000000 00:00 0                          [stack]

There's a - where the x (execute) bit would normally be found.
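
The lookup the answer did by hand in /proc/<pid>/maps can also be done by the process itself. The following is an added example, not code from the original answer; `region_perms` is a hypothetical helper name, and it assumes Linux with /proc mounted.

```c
/* Added example: report the permissions of the mapping that holds an address,
 * by parsing /proc/self/maps (Linux only). */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: copies the 4-character permission field (e.g. "rw-p")
 * of the mapping containing addr into perms, and its name into name.
 * Returns 0 on success, -1 if no mapping contains addr or maps is unreadable. */
int region_perms(const void *addr, char perms[5], char *name, size_t name_len)
{
    FILE *maps = fopen("/proc/self/maps", "r");
    char line[512];
    int found = -1;

    if (maps == NULL)
        return -1;
    while (found != 0 && fgets(line, sizeof line, maps) != NULL) {
        unsigned long start, end;
        char p[5], path[256] = "";

        /* Line format: start-end perms offset dev inode [pathname] */
        if (sscanf(line, "%lx-%lx %4s %*s %*s %*s %255[^\n]",
                   &start, &end, p, path) < 3)
            continue;
        if ((uintptr_t)addr >= start && (uintptr_t)addr < end) {
            memcpy(perms, p, sizeof p);
            snprintf(name, name_len, "%s", path);
            found = 0;
        }
    }
    fclose(maps);
    return found;
}

int main(void)
{
    const char *env = getenv("PATH");   /* same variable the answer used */
    const void *code = (const void *)(uintptr_t)&region_perms;
    char perms[5], name[256];

    if (env != NULL && region_perms(env, perms, name, sizeof name) == 0)
        printf("PATH value at %p: %s %s\n", (const void *)env, perms, name);
    if (region_perms(code, perms, name, sizeof name) == 0)
        printf("code at %p: %s %s\n", code, perms, name);
    return 0;
}
```

The third character of the permission field is the execute bit: a mapping that shows `-` there cannot be executed from, which is the condition the answer found for the region holding the environment variable.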
