On Thu, Jun 08, 2006 at 01:23:42AM -0400, Robert Hudock wrote:
> Question:
> For some reason on SuSE 10.0 and 10.1 I cannot overflow the buffer so as to overwrite EIP no matter what. The attached code is a very simple example to illustrate my issue. Basically the following is what I get when the program segfaults on SuSE 10.1.
> However, the attached program produced the expected results 0x41414141 in main () on FreeBSD versions 5.3 and 6.1, and on Red Hat 7.2.
> Any ideas why this is happening? What sort of security controls are in place that prevent this from happening? Are these controls unique to SuSE?
> -----------------------------------
> plato@zion:~> gdb ./overflow
> (gdb) run
> Starting program: /home/plato/overflow
> warning: Lowest section in system-supplied DSO at 0xffffe000 is .hash at ffffe0b4
>
> Program received signal SIGSEGV, Segmentation fault.
> 0x080483ec in main () at overflow.c:6
> 6       }
You wrote over the end of the stack page into unallocated memory most likely.
> (gdb)
> ------------------------------------------
> Regards,
> Robert Hudock
> #include <string.h>
> int main(void)
> {
>     char str1[10];
>     /* deliberately copies a string far longer than the 10-byte buffer */
>     strcpy(str1, "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA");
> }
Try a shorter string (perhaps 15 - 20 A) first.

Ciao, Marcus
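For comparison, a bounds-checked version of the copy in the quoted overflow.c, added here as an illustration and not taken from the thread; the helper name copy_bounded and the demo function are my own, and the over-long input is constructed to match the original's string of A's:

```c
#include <stdio.h>
#include <string.h>

/* Bounded replacement for the strcpy() in the quoted overflow.c.
 * Copies at most dstsz-1 bytes of src into dst, always NUL-terminates,
 * and returns 1 when src did not fit (0 when it did, -1 on a zero-size
 * destination), so a caller can reject over-long input instead of
 * letting it run past the buffer into the saved frame pointer and
 * return address. The helper name is an assumption for this example. */
int copy_bounded(char *dst, size_t dstsz, const char *src)
{
    size_t n = strlen(src);

    if (dstsz == 0)
        return -1;
    if (n >= dstsz) {
        memcpy(dst, src, dstsz - 1);
        dst[dstsz - 1] = '\0';
        return 1;            /* truncated: input did not fit */
    }
    memcpy(dst, src, n + 1); /* whole string plus terminator */
    return 0;
}

/* Same 10-byte buffer as the quoted program, fed the same kind of
 * over-long input (constructed here): reports truncation and leaves
 * str1 exactly 9 bytes long instead of writing past it. */
int demo_overlong(size_t *out_len)
{
    char str1[10];
    const char *input = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
    int rc = copy_bounded(str1, sizeof str1, input);

    if (out_len)
        *out_len = strlen(str1);
    return rc;
}

int main(void)
{
    size_t len = 0;
    int rc = demo_overlong(&len);

    printf("rc=%d (1 = input truncated), strlen(str1)=%zu\n", rc, len);
    return 0;
}
```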