Illustration of buffer overflows for students (linux, C)

Posted by osgx on Stack Overflow See other posts from Stack Overflow or by osgx
Published on 2010-04-15T21:25:50Z Indexed on 2010/04/15 21:43 UTC
Read the original article Hit count: 364


My friend is teacher of first-year CS students. We want to show them buffer overflow exploitation. But modern distribs are protected from simples buffer overflows:

HOME=`perl -e "print 'A'x269"`  one_widely_used_utility_is_here --help

on debian (blame it)

Caught signal 11,

on modern commercial redhat

*** buffer overflow detected ***: /usr/bin/one_widely_used_utility_is_here terminated
======= Backtrace: =========
======= Memory map: ========
00336000-00341000 r-xp 00000000 08:02
2751047    /lib/
00341000-00342000 rwxp 0000a000 08:02
2751047    /lib/
008f3000-008f4000 r-xp 008f3000 00:00 0          [vdso]

The same detector fails for more synthetic examples from the internet.

How can we demonstrate buffer overflow with modern non-GPL distribs (there is no debian in classes)

How can we

  • DISABLE canary word checking in stack ?
  • DISABLE checking variants of strcpy/strcat ?
  • write an example (in plain C) with working buffer overrun ?

© Stack Overflow or respective owner

Related posts about stackoverflow

Related posts about buffer-overflow