LinuxQuestions.org
Old 08-14-2008, 04:59 PM   #1
worldgnat
Member
 
Registered: Oct 2004
Posts: 337

Rep: Reputation: 30
Disabling Security in Ubuntu 8.04


Hello. I recently started reading a book called "Hacking: The Art of Exploitation", by Jon Erickson, and some of the examples involve using buffer overflow bugs in some of the other examples. Unfortunately, I assume that since the book was written some extra security has been added to the kernel, because whenever I run the examples I get an error that tells me "stack smashing" has been detected, and it terminates my program. My question is this: Is there some kind of kernel module I can remove to prevent this or something I can do? Here is one of the examples:

Code:
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

int check_authentication(char *password) {
    char password_buffer[16];
    int auth_flag = 0;

    /* Unbounded copy: input longer than 15 characters overflows password_buffer. */
    strcpy(password_buffer, password);

    if(strcmp(password_buffer, "brillig") == 0)
        auth_flag = 1;
    if(strcmp(password_buffer, "outgrabe") == 0)
        auth_flag = 1;

    return auth_flag;
}

int main(int argc, char *argv[]) {
    if(argc < 2) {
        printf("Usage: %s <password>\n", argv[0]);
        exit(0);
    }
    if(check_authentication(argv[1])) {
        printf("\n-=-=-=-=-=-=-=-=-=-=-=-=-=-=-\n");
        printf("        Access Granted.\n");
        printf("\n-=-=-=-=-=-=-=-=-=-=-=-=-=-=-\n");
    } else {
        printf("\nAccess Denied.\n");
    }
}
And here is the executed command with the output:

Code:
./auth_overflow AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
*** stack smashing detected ***: ./auth_overflow terminated
======= Backtrace: =========
/lib/tls/i686/cmov/libc.so.6(__fortify_fail+0x48)[0xb7f0d138]
/lib/tls/i686/cmov/libc.so.6(__fortify_fail+0x0)[0xb7f0d0f0]
./auth_overflow[0x8048514]
[0x41414141]
======= Memory map: ========
08048000-08049000 r-xp 00000000 08:05 565274     /home/petdav/Hacking/ch3/auth_overflow
08049000-0804a000 rw-p 00000000 08:05 565274     /home/petdav/Hacking/ch3/auth_overflow
0804a000-0806b000 rw-p 0804a000 00:00 0          [heap]
b7e14000-b7e1e000 r-xp 00000000 08:05 373952     /lib/libgcc_s.so.1
b7e1e000-b7e1f000 rw-p 0000a000 08:05 373952     /lib/libgcc_s.so.1
b7e1f000-b7e20000 rw-p b7e1f000 00:00 0 
b7e20000-b7f69000 r-xp 00000000 08:05 391482     /lib/tls/i686/cmov/libc-2.7.so
b7f69000-b7f6a000 r--p 00149000 08:05 391482     /lib/tls/i686/cmov/libc-2.7.so
b7f6a000-b7f6c000 rw-p 0014a000 08:05 391482     /lib/tls/i686/cmov/libc-2.7.so
b7f6c000-b7f6f000 rw-p b7f6c000 00:00 0 
b7f81000-b7f83000 rw-p b7f81000 00:00 0 
b7f83000-b7f84000 r-xp b7f83000 00:00 0          [vdso]
b7f84000-b7f9e000 r-xp 00000000 08:05 373907     /lib/ld-2.7.so
b7f9e000-b7fa0000 rw-p 00019000 08:05 373907     /lib/ld-2.7.so
bff82000-bff97000 rw-p bffeb000 00:00 0          [stack]
Aborted
I'm obviously not trying to break into someone's server here, I'm just trying to learn from the example, so I'd appreciate anything anyone can tell me.

Thanks,
-Peter
 
Old 08-14-2008, 06:37 PM   #2
worldgnat
Member
 
Registered: Oct 2004
Posts: 337

Original Poster
Rep: Reputation: 30
Dumb question, I apologize. The answer is as follows, for those who encounter the same problem:

gcc -o auth_overflow -fno-stack-protector auth_overflow.c

-Peter
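
Why the default build aborts, as an added example that is not part of either post above: a constructed C model of the guard word that GCC's stack protector keeps between a local buffer and the saved return address, checked before the function returns. The struct layout, `GUARD`, `RET` and `run_model` are illustrative assumptions; the program simulates the check inside one struct and never overflows a real stack.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed constant; a real guard value is chosen when the program starts. */
#define GUARD 0x5ca1ab1eu
#define RET   ((uintptr_t)0x1000)   /* placeholder saved return address */

/* Constructed model of a protected frame: the guard word sits between the
 * local buffer and the saved return address an overflow would reach. */
struct frame_model {
    char      password_buffer[16];
    uint32_t  guard;
    uintptr_t saved_return;
};

enum { GUARD_INTACT = 0, GUARD_SMASHED = 1 };

/* Mimics strcpy(password_buffer, password) inside the model. The copy is
 * clamped to the model struct so this program itself stays memory-safe.
 * Returns the exit-check verdict; *ret_changed reports a hit on saved_return. */
int run_model(const char *password, int *ret_changed)
{
    struct frame_model f;
    size_t n = strlen(password) + 1;    /* string plus its NUL, as strcpy copies */
    memset(&f, 0, sizeof f);
    f.guard = GUARD;                    /* function entry: store the guard */
    f.saved_return = RET;
    if (n > sizeof f) n = sizeof f;
    memcpy(&f, password, n);            /* the unchecked copy */
    *ret_changed = (f.saved_return != RET);
    return f.guard == GUARD ? GUARD_INTACT : GUARD_SMASHED;  /* exit check */
}

int main(void)
{
    const char *inputs[] = { "brillig", "AAAAAAAAAAAAAAAA",
                             "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" };
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        int ret_changed;
        int verdict = run_model(inputs[i], &ret_changed);
        printf("%2zu bytes: guard %s, return address %s\n", strlen(inputs[i]),
               verdict == GUARD_SMASHED ? "smashed" : "intact",
               ret_changed ? "overwritten" : "untouched");
    }
    return 0;
}
```

Building with `-fno-stack-protector` leaves out both the entry store and the exit comparison, so the same copy runs with nothing to notice it.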
 
Old 08-14-2008, 07:14 PM   #3
syg00
LQ Veteran
 
Registered: Aug 2003
Location: Australia
Distribution: Lots ...
Posts: 21,129

Rep: Reputation: 4121
No it wasn't (dumb) - but a quick Google would have found a Wikipedia article.
Interesting that Ubuntu includes the patch, but not gcc by default. Or do they these days?
 
Old 08-14-2008, 08:14 PM   #4
worldgnat
Member
 
Registered: Oct 2004
Posts: 337

Original Poster
Rep: Reputation: 30
Yeah, I forgot.

It's been a while since I installed 8.04, but I'm pretty sure I had to install the usual binutils, gcc, make, automake, etc.
 
  

