Stack smashing is a fancy term for a stack buffer overflow. It refers to attacks that exploit buffer-overflow bugs in code. Earlier it was solely the responsibility of programmers/developers to make sure their code left no possibility of a buffer overflow, but over time compilers like gcc have gained flags that keep buffer overflow bugs from being exploited by crackers to damage a system or a program. I came to know about these flags when I was trying to reproduce a buffer overflow on my Ubuntu 12.04 system with gcc 4.6.3. Here is what I was trying to do:
```c
#include <stdio.h>
#include <string.h>

int main(void)
{
    int len = 0;
    char str[10] = {0};

    printf("\n Enter the name \n");
    gets(str); // Used gets() to cause buffer overflow: it never checks the size of str

    printf("\n len = [%d] \n", len);   // printed before len is assigned, so it should still be 0
    len = strlen(str);
    printf("\n len of string entered is : [%d]\n", len);

    return 0;
}
```
In the code above, I have used gets() to accept a string from the user, then calculated the length of that string and printed it on stdout. The idea here is to input a string whose length is more than 10 bytes. Since gets() does not check array bounds, it will copy the whole input into the str buffer, and this way a buffer overflow will take place. This is what happened when I executed the program:
```
$ ./stacksmash
Enter the name
TheGeekStuff
len = [0]
len of string entered is : [12]
*** stack smashing detected ***: ./stacksmash terminated
======= Backtrace: =========
/lib/i386-linux-gnu/libc.so.6(__fortify_fail+0x45)[0xb76e4045]
/lib/i386-linux-gnu/libc.so.6(+0x103ffa)[0xb76e3ffa]
./stacksmash[0x8048548]
/lib/i386-linux-gnu/libc.so.6(__libc_start_main+0xf3)[0xb75f94d3]
./stacksmash[0x8048401]
======= Memory map: ========
08048000-08049000 r-xp 00000000 08:06 528260     /home/himanshu/practice/stacksmash
08049000-0804a000 r--p 00000000 08:06 528260     /home/himanshu/practice/stacksmash
0804a000-0804b000 rw-p 00001000 08:06 528260     /home/himanshu/practice/stacksmash
0973a000-0975b000 rw-p 00000000 00:00 0          [heap]
b75af000-b75cb000 r-xp 00000000 08:06 787381     /lib/i386-linux-gnu/libgcc_s.so.1
b75cb000-b75cc000 r--p 0001b000 08:06 787381     /lib/i386-linux-gnu/libgcc_s.so.1
b75cc000-b75cd000 rw-p 0001c000 08:06 787381     /lib/i386-linux-gnu/libgcc_s.so.1
b75df000-b75e0000 rw-p 00000000 00:00 0
b75e0000-b7783000 r-xp 00000000 08:06 787152     /lib/i386-linux-gnu/libc-2.15.so
b7783000-b7784000 ---p 001a3000 08:06 787152     /lib/i386-linux-gnu/libc-2.15.so
b7784000-b7786000 r--p 001a3000 08:06 787152     /lib/i386-linux-gnu/libc-2.15.so
b7786000-b7787000 rw-p 001a5000 08:06 787152     /lib/i386-linux-gnu/libc-2.15.so
b7787000-b778a000 rw-p 00000000 00:00 0
b7799000-b779e000 rw-p 00000000 00:00 0
b779e000-b779f000 r-xp 00000000 00:00 0
b779f000-b77bf000 r-xp 00000000 08:06 794147
b77bf000-b77c0000 r--p 0001f000 08:06 794147
b77c0000-b77c1000 rw-p 00020000 08:06 794147
bfaec000-bfb0d000 rw-p 00000000 00:00 0
Aborted (core dumped)
```
Well, this came as a pleasant surprise: the execution environment was somehow able to detect the buffer overflow in this case. In the output you can see that stack smashing was detected. This prompted me to explore how the buffer overflow was detected. While searching for the reason, I came across the gcc flag -fstack-protector. Here is the description of this flag (from the man page):

-fstack-protector
    Emit extra code to check for buffer overflows, such as stack smashing attacks. This is done by adding a guard variable to functions with vulnerable objects. This includes functions that call alloca, and functions with buffers larger than 8 bytes. The guards are initialized when a function is entered and then checked when the function exits. If a guard check fails, an error message is printed and the program exits.

    NOTE: In Ubuntu 6.10 and later versions this option is enabled by default for C, C++, ObjC, ObjC++, if none of -fno-stack-protector, -nostdlib, nor -ffreestanding are found.
So you see that gcc has this flag that emits extra code to check for buffer overflows. The next question that came to my mind was: I never passed this flag at compile time, so how did this functionality get enabled? Then I read the last two lines, which say that since Ubuntu 6.10 this functionality is enabled by default. As a next step, I decided to deactivate this functionality by passing the flag -fno-stack-protector at compile time and then run the same use case as before. Here is how I did it:
```
$ gcc -Wall -fno-stack-protector stacksmash.c -o stacksmash
$ ./stacksmash
Enter the name
TheGeekStuff
len = [26214]
len of string entered is : [12]
```
So we see that once the code was compiled with this flag, then with the same input the execution environment was not able to detect the buffer overflow, which did take place and corrupted the value of the variable len. Also, if you are new to gcc, you should understand the most frequently used gcc compiler
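To make the guard mechanism from the man page and the corrupted len value concrete, here is an added C model of main()'s frame (my own constructed code, not the post's program and not gcc's layout logic). The unprotected offsets are inferred from the post's output: 26214 is 0x6666, the "ff" of TheGeekStuff that spilled past str[10] into the two low bytes of len. The protected layout follows gcc's rule of placing character arrays next to the guard, and the guard value is a fixed constant standing in for the random one glibc uses.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of main()'s frame in the post, not gcc's real layout code.
 * Unprotected offsets are inferred from the post's output: len became
 * 0x6666 = 26214, i.e. the "ff" that did not fit in str[10] landed in the two
 * low bytes of len, so len starts exactly 10 bytes after str. */
enum { FRAME_BYTES = 32 };
struct layout { size_t str_off, len_off, guard_off; int has_guard; };
/* -fno-stack-protector: str[10] immediately followed by len. */
static const struct layout plain_layout = { 0, 10, 0, 0 };
/* -fstack-protector: gcc puts char arrays next to the guard and other locals
 * (len) below them, so an overflow runs into the guard rather than into len. */
static const struct layout ssp_layout = { 4, 0, 14, 1 };
#define GUARD 0x2a3b4c5du  /* the real guard is random per process; fixed for the model */

static uint32_t load_u32(const unsigned char *p) {   /* host byte order (x86: little-endian) */
    uint32_t v; memcpy(&v, p, sizeof v); return v;
}

/* Emulates gets(): copies the input plus its NUL at str with no bounds check
 * (clamped to the model frame so the model itself stays defined behaviour). */
static void run_frame(const struct layout *l, const char *in, unsigned char f[FRAME_BYTES]) {
    memset(f, 0, FRAME_BYTES);
    if (l->has_guard) { uint32_t g = GUARD; memcpy(f + l->guard_off, &g, sizeof g); }
    size_t n = strlen(in) + 1;
    if (n > FRAME_BYTES - l->str_off) n = FRAME_BYTES - l->str_off;
    memcpy(f + l->str_off, in, n);
}

/* Value len holds after the input is written (0 = untouched). */
uint32_t len_after_input(const struct layout *l, const char *in) {
    unsigned char f[FRAME_BYTES];
    run_frame(l, in, f);
    return load_u32(f + l->len_off);
}

/* 1 if the epilogue's guard comparison would call __stack_chk_fail. */
int guard_check_fails(const struct layout *l, const char *in) {
    unsigned char f[FRAME_BYTES];
    run_frame(l, in, f);
    return l->has_guard && load_u32(f + l->guard_off) != GUARD;
}
int main(void) {
    printf("no SSP: len = %u\n", (unsigned)len_after_input(&plain_layout, "TheGeekStuff"));
    printf("SSP: len = %u, guard check fails = %d\n", (unsigned)len_after_input(&ssp_layout, "TheGeekStuff"),
           guard_check_fails(&ssp_layout, "TheGeekStuff"));
    return 0;
}
```

On a real binary you can confirm the guard code is present by looking for a call to __stack_chk_fail in the disassembly; that is the function which calls the __fortify_fail seen in the post's backtrace.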
Tags: Buffer Overflow Tutorial, Buffer Overrun Detected, Prevent Buffer Overflow, Stack Smashing Detected