How to enable environment for buffer overflow?

[Xcross87]

Hi Mandri-ers,

 

I'm currently studying security under Linux. However, it doesn't seem to work for me in Mandriva.

 

The source: (of source, 100% buffer overflow)

 

#include <stdio.h>
#include <string.h>

int main( int argc, char *argv[] )
{
char buffer[100];
strcpy( buffer, argv[1] );
return 0;
}

 

I've Googled and did all these:

 

1. Disable GCC Stack Protector (-fno-stack-protector)

2. Disable source check (-D_FORTIFY_SOURCE=0)

3. Disable ASLR (kernel.randomize_va_space=0)

4*. Enable GNU_STACK ELF Markings (-z exestack)

 

I've done 1,2,3, including 4 in final compiling command:

$ gcc -fno-stack-protector -z exestack -D_FORTIFY_SOURCE=0 -o overflow overflow.c && readelf -l overflow | grep -i stack
 GNU_STACK      0x000000 0x00000000 0x00000000 0x00000 0x00000 RW  0x4

 

Guess what?

It still doesn't work out. EIP is not overwritten...

As you can see above, the ./overflow still can't execute stack even I specify option "-z exestack" (RWE), it still gives the final binary (RW) instead.

 

My system info:

Mandriva Linux 2009.1
Linux localhost 2.6.29.6-desktop-1mnb #1 SMP Sun Jul 5 19:57:54 EDT 2009 i686 Intel(R) Core(TM)2 CPU         T7200  @ 2.00GHz GNU/Linux

 

Anyone know how can I setup the environment for this?

I really need helps right now.

 

Best regards,

Edited August 14, 2009 by Xcross87