Hello. I recently started reading a book called "Hacking: The Art of Exploitation", by Jon Erickson, and some of the examples involve using buffer overflow bugs in some of the other examples. Unfortunately, I assume that since the book was written, some extra security has been added to the kernel, because whenever I run the examples I get an error that tells me "stack smashing" has been detected, and it terminates my program. My question is this: is there some kind of kernel module I can remove to prevent this, or something I can do? Here is one of the examples:
Code:
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Returns nonzero when the supplied password matches a known one. */
int check_authentication(char *password) {
    char password_buffer[16];
    int auth_flag = 0;

    /* No length check: input longer than 15 characters overflows password_buffer. */
    strcpy(password_buffer, password);

    if(strcmp(password_buffer, "brillig") == 0)
        auth_flag = 1;
    if(strcmp(password_buffer, "outgrabe") == 0)
        auth_flag = 1;

    return auth_flag;
}

int main(int argc, char *argv[]) {
    if(argc < 2) {
        printf("Usage: %s <password>\n", argv[0]);
        exit(0);
    }
    if(check_authentication(argv[1])) {
        printf("\n-=-=-=-=-=-=-=-=-=-=-=-=-=-=-\n");
        printf(" Access Granted.\n");
        printf("\n-=-=-=-=-=-=-=-=-=-=-=-=-=-=-\n");
    } else {
        printf("\nAccess Denied.\n");
    }
}
And here is the executed command with the output:
Code:
./auth_overflow AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
*** stack smashing detected ***: ./auth_overflow terminated
======= Backtrace: =========
/lib/tls/i686/cmov/libc.so.6(__fortify_fail+0x48)[0xb7f0d138]
/lib/tls/i686/cmov/libc.so.6(__fortify_fail+0x0)[0xb7f0d0f0]
./auth_overflow[0x8048514]
[0x41414141]
======= Memory map: ========
08048000-08049000 r-xp 00000000 08:05 565274 /home/petdav/Hacking/ch3/auth_overflow
08049000-0804a000 rw-p 00000000 08:05 565274 /home/petdav/Hacking/ch3/auth_overflow
0804a000-0806b000 rw-p 0804a000 00:00 0 [heap]
b7e14000-b7e1e000 r-xp 00000000 08:05 373952 /lib/libgcc_s.so.1
b7e1e000-b7e1f000 rw-p 0000a000 08:05 373952 /lib/libgcc_s.so.1
b7e1f000-b7e20000 rw-p b7e1f000 00:00 0
b7e20000-b7f69000 r-xp 00000000 08:05 391482 /lib/tls/i686/cmov/libc-2.7.so
b7f69000-b7f6a000 r--p 00149000 08:05 391482 /lib/tls/i686/cmov/libc-2.7.so
b7f6a000-b7f6c000 rw-p 0014a000 08:05 391482 /lib/tls/i686/cmov/libc-2.7.so
b7f6c000-b7f6f000 rw-p b7f6c000 00:00 0
b7f81000-b7f83000 rw-p b7f81000 00:00 0
b7f83000-b7f84000 r-xp b7f83000 00:00 0 [vdso]
b7f84000-b7f9e000 r-xp 00000000 08:05 373907 /lib/ld-2.7.so
b7f9e000-b7fa0000 rw-p 00019000 08:05 373907 /lib/ld-2.7.so
bff82000-bff97000 rw-p bffeb000 00:00 0 [stack]
Aborted
I'm obviously not trying to break into someone's server here, I'm just trying to learn from the example, so I'd appreciate anything anyone can tell me.
Thanks,
-Peter
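The "stack smashing detected" abort in the output above is raised by the compiler-inserted stack protector, which places a guard value between local buffers and the saved return address and checks it before the function returns. The following is an added example, not code from the post or the book: it models that check with an explicit struct and shows a bounded form of check_authentication. The struct layout, GUARD_VALUE and the names check_unbounded, check_bounded and is_valid are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model of a protected frame: the buffer, then a guard word
 * standing in for the compiler's canary. */
struct frame {
    char password_buffer[16];
    unsigned int guard;
};

/* Constructed constant; a real canary is chosen at random per process. */
#define GUARD_VALUE 0x5ca1ab1eU

static int is_valid(const char *p) {
    return strcmp(p, "brillig") == 0 || strcmp(p, "outgrabe") == 0;
}

/* Copies like the original strcpy, but clipped to the struct so the
 * overflow stays inside one object. Returns -1 when the guard changed. */
int check_unbounded(const char *password) {
    struct frame f;
    size_t n = strlen(password) + 1;
    f.guard = GUARD_VALUE;
    if (n > sizeof f) n = sizeof f;
    memcpy(&f, password, n);
    if (f.guard != GUARD_VALUE)
        return -1;              /* where the real check aborts the process */
    return is_valid(f.password_buffer);
}

/* Bounded form: over-long input is rejected before any copy happens. */
int check_bounded(const char *password) {
    char password_buffer[16];
    size_t len = strlen(password);
    if (len >= sizeof password_buffer)
        return 0;
    memcpy(password_buffer, password, len + 1);
    return is_valid(password_buffer);
}

int main(void) {
    const char *long_input = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"; /* input from the post */
    printf("unbounded, long input: %d\n", check_unbounded(long_input));
    printf("bounded, long input:   %d\n", check_bounded(long_input));
    printf("bounded, \"brillig\":    %d\n", check_bounded("brillig"));
    return 0;
}
```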