Jump to content

How to enable environment for buffer overflow?

Recommended Posts

Hi Mandri-ers,


I'm currently studying security under Linux. However, it doesn't seem to work for me in Mandriva.


The source: (of source, 100% buffer overflow)


#include <stdio.h>
#include <string.h>

int main( int argc, char *argv[] )
char buffer[100];
strcpy( buffer, argv[1] );
return 0;


I've Googled and did all these:


1. Disable GCC Stack Protector (-fno-stack-protector)

2. Disable source check (-D_FORTIFY_SOURCE=0)

3. Disable ASLR (kernel.randomize_va_space=0)

4*. Enable GNU_STACK ELF Markings (-z exestack)


I've done 1,2,3, including 4 in final compiling command:

$ gcc -fno-stack-protector -z exestack -D_FORTIFY_SOURCE=0 -o overflow overflow.c && readelf -l overflow | grep -i stack
 GNU_STACK      0x000000 0x00000000 0x00000000 0x00000 0x00000 RW  0x4


Guess what?

It still doesn't work out. EIP is not overwritten...

As you can see above, the ./overflow still can't execute stack even I specify option "-z exestack" (RWE), it still gives the final binary (RW) instead.


My system info:

Mandriva Linux 2009.1
Linux localhost #1 SMP Sun Jul 5 19:57:54 EDT 2009 i686 Intel(R) Core(TM)2 CPU         T7200  @ 2.00GHz GNU/Linux


Anyone know how can I setup the environment for this?

I really need helps right now.


Best regards,

Edited by Xcross87
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Create New...