[opensuse] overflow issue w/ EIP
Question: For some reason on suse 10.0 and 10.1 I cannot overflow the buffer so as to overwrite EIP no matter what. The attached code is a very simple example to illustrate my issue. Basically the following is what I get when the program segfaults on SuSE 10.1.

However, the attached program produced the expected results 0x41414141 in main () on FreeBSD versions 5.3 and 6.1, and on redhat 7.2.

Any ideas why this is happening? What sort of security controls are in place that prevent this from happening? Are these controls unique to SuSE?

-----------------------------------
plato@zion:~> gdb ./overflow
GNU gdb 6.4
Copyright 2005 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "x86_64-suse-linux"...Using host libthread_db library "/lib64/libthread_db.so.1".

(gdb) run
Starting program: /home/plato/overflow
warning: Lowest section in system-supplied DSO at 0xffffe000 is .hash at ffffe0b4

Program received signal SIGSEGV, Segmentation fault.
0x080483ec in main () at overflow.c:6
6       }
(gdb)
------------------------------------------

Regards,
Robert Hudock

---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-help@opensuse.org
On 6/8/06, Robert Hudock
Question:
For some reason on suse 10.0 and 10.1 I cannot overflow the buffer so as to overwrite EIP no matter what. The attached code is a very simple example to illustrate my issue. Basically the following is what I get when the program segfaults on SuSE 10.1.
You are reporting that you can't do buffer overflow as an issue??? So what you want is a list of kernel patches that SUSE applies to the SUSE kernel, and to see if any of these involve overflow protection.

I found this related post: http://lists.suse.com/archive/suse-security/2003-Dec/0128.html

As Robert Schiele is still around and frequents this list, maybe he can update us with what has happened since SUSE Linux 9.0.

Peter 'PFlodo' Flodin
On Thu, Jun 08, 2006 at 01:23:42AM -0400, Robert Hudock wrote:
Question:
For some reason on suse 10.0 and 10.1 I cannot overflow the buffer so as to overwrite EIP no matter what. The attached code is a very simple example to illustrate my issue. Basically the following is what I get when the program segfaults on SuSE 10.1.
However, the attached program produced the expected results 0x41414141 in main () on FreeBSD versions 5.3 and 6.1, and on redhat 7.2.
Any ideas why this is happening? What sort of security controls are in place that prevent this from happening? Are these controls unique to SuSE?
-----------------------------------
plato@zion:~> gdb ./overflow
(gdb) run
Starting program: /home/plato/overflow
warning: Lowest section in system-supplied DSO at 0xffffe000 is .hash at ffffe0b4

Program received signal SIGSEGV, Segmentation fault.
0x080483ec in main () at overflow.c:6
6       }
You wrote over the end of the stack page into unallocated memory most likely.
(gdb)
------------------------------------------
Regards,
Robert Hudock
#include <string.h>

int main(void)
{
    char str1[10];
    /* Deliberate overflow: a string far longer than the 10-byte buffer is
     * copied into it with no length check. */
    strcpy (str1, "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA");
    return 0;
}
Try a shorter string (perhaps 15 - 20 A) first.

Ciao, Marcus
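The program quoted above copies a caller-sized string into a fixed 10-byte stack buffer with no length check, which is why the copy runs off the end of the frame. The following is an added example, not code from the thread or from any SUSE package: it puts that unchecked strcpy() next to a bounded copy that refuses input which would not fit, so the buffer is never written past its end and the caller learns that the input was rejected. The function names (copy_bounded, store_unsafe, store_checked) and the sample inputs are constructed for this example.

```c
#include <stdio.h>
#include <string.h>

/* Added example (not the thread's overflow.c): an unchecked strcpy() into a
 * 10-byte stack buffer, beside a bounded copy that rejects over-long input
 * instead of writing past the end of the array. Names and inputs are
 * constructed for illustration. */

#define BUF_SIZE 10

/* Bounded copy. Returns 1 on success, 0 if src plus its terminating NUL would
 * not fit in dst_size bytes; on failure dst is left as "". At most dst_size
 * bytes of src are examined, so an unterminated or very long src is never
 * read to its end. */
int copy_bounded(char *dst, size_t dst_size, const char *src)
{
    size_t n = 0;

    if (dst_size == 0)
        return 0;
    while (n < dst_size && src[n] != '\0')
        n++;
    if (n == dst_size) {          /* no room for the NUL terminator */
        dst[0] = '\0';
        return 0;
    }
    memcpy(dst, src, n + 1);      /* n + 1 <= dst_size, NUL included */
    return 1;
}

/* What the thread's program does: strcpy() stops only at the source NUL, so
 * any input of BUF_SIZE bytes or more writes past str1 into whatever follows
 * it on the stack. Shown for contrast; never call it with untrusted input. */
void store_unsafe(char *str1, const char *input)
{
    strcpy(str1, input);
}

/* The checked form: same 10-byte stack buffer, but the copy is bounded by
 * sizeof str1. Returns 1 if the input was accepted and stored intact,
 * 0 if it was rejected as too long. */
int store_checked(const char *input)
{
    char str1[BUF_SIZE];
    int ok = copy_bounded(str1, sizeof str1, input);
    return ok && strcmp(str1, input) == 0;
}

int main(void)
{
    /* Constructed inputs: one that fits (9 chars + NUL = 10 bytes) and an
     * 80-byte run of 'A's in the spirit of the thread's test string. */
    char long_input[81];
    memset(long_input, 'A', sizeof long_input - 1);
    long_input[sizeof long_input - 1] = '\0';

    printf("9 A's  accepted: %d\n", store_checked("AAAAAAAAA"));
    printf("10 A's accepted: %d\n", store_checked("AAAAAAAAAA"));
    printf("80 A's accepted: %d\n", store_checked(long_input));
    return 0;
}
```

The bound is taken from sizeof str1 at the call site rather than from a separate constant, so the check cannot drift from the buffer's real size if the declaration later changes. Rejecting the input outright (rather than silently truncating it, as strncpy() would) keeps the failure visible to the caller.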
On Thursday 08 June 2006 08:23, Robert Hudock wrote:
For some reason on suse 10.0 and 10.1 I cannot overflow the buffer so as to overwrite EIP no matter what. The attached code is a very simple example to illustrate my issue. Basically the following is what I get when the program segfaults on SuSE 10.1.
So aren't you going to explain what you could possibly need this for? Because it sounds like you're asking for a bomb recipe...
participants (4): Marcus Meissner, Peter Flodin, Robert Hudock, Silviu Marin-Caea