Recently, I've been studying buffer overflows as an undergraduate student in Computer Engineering. Simply out of interest, I began researching and studying buffer overflows, but have gotten stuck when attempting to implement them in my own C programs on my computer, compiled with GCC 4.9.1 (in Debian Jessie).
I've heard that there are sorts of stack overflow protection in newer compilers, so I'm thinking that my issue is that my compiler version is too new. Either that, or I'm not compiling with the correct flags (none).
So are there good versions of GCC for me to obtain to test buffer overflows? Or should I use a particular flag to prevent stack protection and canaries?
Thank you for your time.
Other buffer overflow protection techniques include bounds checking, which checks accesses to each allocated block of memory so they cannot go beyond the actually allocated space, and tagging, which ensures that memory allocated for storing data cannot contain executable code.
A buffer overflow occurs when more data is written to a buffer than it can hold, causing data to overflow into adjacent storage. This vulnerability can cause a system crash or, worse, create an entry point for a cyberattack. Programs written in C and C++ are more susceptible to buffer overflows.
Turning on optimization flags makes the compiler attempt to improve the performance and/or code size at the expense of compilation time and possibly the ability to debug the program. The compiler performs optimization based on the knowledge it has of the program.
Use -zexecstack -fno-stack-protector to disable stack frame protection and non-executable stack with gcc.
On your Linux system, you also have to disable address randomization (ASLR) using:
echo 0 > /proc/sys/kernel/randomize_va_space
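To confirm that the flags and the sysctl above actually took effect on a test binary (or, conversely, that a production binary still carries its protections), the markers they leave can be read back with readelf. This is an added example, not part of the original answer; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: read back which protections a binary and the host have.
# Function names and sample lines are constructed for illustration.

# stdin: `readelf -lW BINARY` output. -z execstack shows up as an E flag
# on the GNU_STACK program header (RWE instead of RW).
stack_state() {
    awk '$1 == "GNU_STACK" {
             found = 1
             # Fields 7..NF-1 are the flags; the last field is the alignment.
             for (i = 7; i < NF; i++) if ($i ~ /E/) isexec = 1
         }
         END {
             if (!found)      print "unknown"
             else if (isexec) print "executable"
             else             print "non-executable"
         }'
}

# stdin: `readelf -sW BINARY` output. Code built with the stack protector
# references __stack_chk_fail; -fno-stack-protector leaves it out.
canary_state() {
    if grep -q '__stack_chk_fail'; then echo present; else echo absent; fi
}

# $1: contents of /proc/sys/kernel/randomize_va_space.
aslr_mode() {
    case "$1" in
        0) echo "disabled" ;;
        1) echo "stack, mmap and vDSO randomized" ;;
        2) echo "stack, mmap, vDSO and heap randomized" ;;
        *) echo "unknown" ;;
    esac
}

# Constructed sample lines in the layout readelf prints.
SAMPLE_NX='  GNU_STACK  0x000000 0x0000000000000000 0x0000000000000000 0x000000 0x000000 RW  0x10'
SAMPLE_EXEC='  GNU_STACK  0x000000 0x0000000000000000 0x0000000000000000 0x000000 0x000000 RWE 0x10'
SAMPLE_SYM='     5: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __stack_chk_fail@GLIBC_2.4 (3)'

# Usage: sh check.sh ./a.out   (needs readelf from binutils)
if [ -n "${1:-}" ]; then
    echo "stack:  $(readelf -lW "$1" | stack_state)"
    echo "canary: $(readelf -sW "$1" | canary_state)"
    echo "ASLR:   $(aslr_mode "$(cat /proc/sys/kernel/randomize_va_space)")"
fi
```

An "absent" canary result only shows that no instrumented function was linked in; a binary built with the protector enabled but containing no function that qualifies for a canary reports the same.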