
Getting to Know Stack Smashing

In this episode of The Decision, I cover some of the issues that people run into as they start experimenting and exploring stack-based buffer overflows on Linux. Stack smashing is an interesting and rewarding exercise for security enthusiasts. It perfectly illustrates the idea of what can go wrong when trusting user input.

Hopefully with a handful of tips on the "gotchas" we can make it a bit less frustrating at the start.

Show Notes:

First off, core dumps are typically not turned on by default. You can turn them on using:

ulimit -c unlimited

Stack protection in the form of non-executable stack is also an issue with many distributions. A couple of things to check are:

echo 0 > /proc/sys/kernel/exec-shield

and the gcc option -fno-stack-protector:

gcc -fno-stack-protector -o <filename> <filename>.c

Finally, the biggie: the ubiquitous and ever-frustrating stack randomization.

echo 0 > /proc/sys/kernel/randomize_va_space

Those are some of the commands and usages that you might need to get started.
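
To see which of these settings is actually in effect on a lab machine before changing anything, here is a small status script. It is an added example, not part of the original show notes, and the function names are its own. It reads the core size limit, the permissions on the [stack] mapping, and the randomize_va_space value.

```shell
#!/bin/sh
# Added example: report the lab settings the show notes mention.
# Function names are this example's own.

# Core files are written only if the shell's core size limit is non-zero.
core_dumps() {
    lim="$(ulimit -c 2>/dev/null || echo unknown)"
    case "$lim" in
        0) echo "disabled" ;;
        ""|unknown) echo "unknown" ;;
        *) echo "enabled ($lim)" ;;
    esac
}

# Permission field of the [stack] mapping: "rw-p" is non-executable,
# "rwxp" is executable. $1: a maps file such as /proc/<pid>/maps of the
# program under test (default: the process doing the reading).
stack_perms() {
    f="${1:-/proc/self/maps}"
    [ -r "$f" ] || { echo "unknown"; return 0; }
    awk '$NF == "[stack]" { print $2; hit = 1; exit }
         END { if (!hit) print "unknown" }' "$f"
}

# Label for randomize_va_space. $1: file to read (default: live value).
aslr_mode() {
    f="${1:-/proc/sys/kernel/randomize_va_space}"
    [ -r "$f" ] || { echo "unknown"; return 0; }
    case "$(tr -d '[:space:]' < "$f")" in
        0) echo "off" ;;
        1) echo "partial" ;;  # stack, mmap base and vDSO randomized
        2) echo "full" ;;     # as 1, plus the brk heap
        *) echo "unknown" ;;
    esac
}

mitigation_report() {
    printf 'core dumps : %s\n' "$(core_dumps)"
    printf 'stack perms: %s\n' "$(stack_perms "${1:-}")"
    printf 'ASLR       : %s\n' "$(aslr_mode)"
}

mitigation_report "$@"
```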

The popularity of overflows has secured this attack as one of the most documented security issues, and reading material abounds. The two books that I mention in the show are The Shellcoder's Handbook and Buffer Overflows; both are available at Amazon.

Other Items of Interest:

  • GNUCITIZEN has an awesome router hacking challenge going on.
  • Linus calls down the fire on OS X
  • Johnny Long posts Ten Security Searches That Work

This episode has been removed because of misleading content.

 

This entry was posted on Wednesday, February 6th, 2008 at 8:30 pm and is filed under Podcast.
