Is there a way to disable buffer overflow protection on my machine?


11

I want to run some experiments with buffer overflows on various virtual machines, including (but not limited to) Debian 6, Ubuntu 12.04 and Fedora 16, but every time I try to execute a buffer overflow exploit I get the following message:

stack smashing detected (core dumped)

After some research, I read that it is a feature implemented in the compiler called buffer overflow protection. GCC, for example, uses the GCC Stack-Smashing Protector (ProPolice); Clang/LLVM uses two buffer overflow detectors, SafeCode and AddressSanitizer.

My question is: since I really want to examine buffer overflow attacks on my machine, is there a way (a compiler flag, maybe a Linux configuration file?) to disable buffer overflow protection?

Answers:


16

GCC

On gcc (man gcc) the check is enabled with:

  -fstack-protector
      Emit extra code to check for buffer overflows, such as stack smashing attacks.  This is done by adding a guard variable to functions with
      vulnerable objects.  This includes functions that call alloca, and functions with buffers larger than 8 bytes.  The guards are initialized when
      a function is entered and then checked when the function exits.  If a guard check fails, an error message is printed and the program exits.

  -fstack-protector-all
      Like -fstack-protector except that all functions are protected.

You can disable both by prefixing the option name with no-:

-fno-stack-protector -fno-stack-protector-all

LLVM / Clang

On LLVM / Clang (http://clang.llvm.org/docs/UsersManual.html#commandline), enable/disable AddressSanitizer with:

-f[no-]address-sanitizer: turn on AddressSanitizer, a memory error detector.

and SAFECode (http://safecode.cs.illinois.edu/docs/UsersGuide.html):

-f[no-]memsafety


2
Is there a (simple) way to detect whether a program has been compiled with SSP?
Michuelnik

2
@Michuelnik, you can check whether the binary contains any reference to __stack_chk_fail (e.g. strings /bin/mybinary | grep __stack_chk_fail)
Matteo

6
I just tested with GCC 4.7 and 4.1: the option -fno-stack-protector-all is not recognized (-fstack-protector, -fstack-protector-all and -fno-stack-protector are recognized)
marcin 2013年

gcc: error: unrecognized command line option ‘-fno-stack-protector-all’; did you mean ‘-fstack-protector-all’?
Clément
Licensed under cc by-sa 3.0 with attribution required.