Bypassing gcc Stack protection?


null null

Sep 25, 2009, 6:38:59 AM
to null-...@googlegroups.com
Any pointers on how to bypass gcc stack protection (-fstack-protector)?
I'm looking out for a practical and reliable solution.

--
Cheers,
@

Abhisek Datta

Sep 25, 2009, 6:51:33 AM
to null-...@googlegroups.com
Hello,

AFAIK there is no generic method to bypass gcc stack protector (canary
protection). However, there are some twists and turns which might help
in practical scenarios, e.g. a given procedure stack will have
canary protection only if there is at least 1 char buffer by default
unless -fstack-protector-all is used (which is not the case by default
for most distros). If a given function only declares int, and not char
type buffer, then that particular stack won't be protected by
canaries.

Normally, people who need to write practically useful exploits target
application-specific data structures like function pointers, function
parameters etc. and other meta-information which can be controlled to
alter the legitimate program control flow.


-abhisek
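
An added example, not part of the thread or of gcc itself: since canary coverage under plain -fstack-protector is decided per function, a build audit can list the functions in `gcc -S` output that never reference `__stack_chk_fail`. It assumes x86-64 GNU assembler syntax; the sample assembly and the function names `copy_name` and `sum_ids` are constructed for illustration.

```python
import re

# Constructed sample: trimmed x86-64 `gcc -S -fstack-protector` style output for
# two hypothetical functions: copy_name (char buffer) and sum_ids (int array only).
SAMPLE_ASM = """\
    .type   copy_name, @function
copy_name:
    subq    $48, %rsp
    movq    %fs:40, %rax
    movq    %rax, -8(%rbp)
    call    strcpy@PLT
    movq    -8(%rbp), %rdx
    subq    %fs:40, %rdx
    je      .L3
    call    __stack_chk_fail@PLT
.L3:
    leave
    ret
    .size   copy_name, .-copy_name
    .type   sum_ids, @function
sum_ids:
    subq    $64, %rsp
    movl    %edi, -52(%rbp)
    leave
    ret
    .size   sum_ids, .-sum_ids
"""

FUNC_TYPE = re.compile(r"^\s*\.type\s+([\w.$]+),\s*[@%]function")
FUNC_SIZE = re.compile(r"^\s*\.size\s+([\w.$]+),")
CANARY_FAIL = re.compile(r"\b(?:call|jmp)\s+__stack_chk_fail\b")

def canary_coverage(asm_text):
    """Map each function name to True if its body branches to __stack_chk_fail."""
    coverage, current = {}, None
    for line in asm_text.splitlines():
        start = FUNC_TYPE.match(line)
        if start:                      # .type NAME, @function opens a function
            current = start.group(1)
            coverage[current] = False
            continue
        end = FUNC_SIZE.match(line)
        if end and end.group(1) == current:   # .size NAME, ... closes it
            current = None
        elif current and CANARY_FAIL.search(line):
            coverage[current] = True
    return coverage

def unprotected(asm_text):
    """Sorted names of functions compiled without a canary check."""
    return sorted(name for name, ok in canary_coverage(asm_text).items() if not ok)
```

Run `unprotected()` over the `gcc -S` output of each translation unit; the functions it reports are the ones that would only gain a canary under -fstack-protector-all, the option mentioned above.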

Harshad Patil

Sep 25, 2009, 12:17:41 PM
to null-...@googlegroups.com

Can anyone tell me whether there are any tools for doing security checks for Silverlight web applications specifically, and for normal websites?



--
h.s.patil