Posted: Fri Oct 16, 2009 8:19 pm Post subject: Problem carrying out a simple buffer overflow
I would like to start learning about the nuts and bolts concerning Linux security. I bought the "Gray Hat Hacking" book by Harris et al. and started working at their example for buffer overflows but hit a bump immediately. Is this the right place to be discussing this sort of thing? If so I give pertinent info below:
#include <string.h>
int main(void) {
    char str1[10]; //declare a 10 byte string
    //next, copy 35 bytes of "A" to str1
    strcpy(str1, "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA");
}
gcc -ggdb -o overflow overflow.c
resulted in the expected segmentation fault.
gdb -q overflow --> run
Starting program: /tmp/overflow
Program received signal SIGSEGV, Segmentation fault.
0x000000000040048f in main () at overflow.c:7
I was expecting something like 0x41414141 instead, i.e. the hex for ASCII A is 0x41.
Also (gdb) info reg eip
Invalid register `eip'
The book suggested the following to disable Fedora's Address Space Layout Randomization:
echo "0" > /proc/sys/kernel/randomize_va_space
echo "0" > /proc/sys/kernel/exec-shield
echo "0" > /proc/sys/kernel/exec-shield-randomize
The first two commands executed but the last resulted in:
bash: /proc/sys/kernel/exec-shield-randomize: No such file or directory
Can anyone help me to understand what is going on?
Many thanks in advance,