Old 11-10-2004, 05:03 PM   #1
LQ Newbie
Registered: Nov 2004
Posts: 4

Rep: Reputation: 0
EIP issues with newer versions of Linux


I'm an aspiring security specialist and am currently working on my first buffer overflow (using The Shellcoder's Handbook by Jack Koziol).
However, while it seems to work on older versions of Linux, in Fedora Core 2 I cannot overwrite EIP no matter how hard I try. EBP no problem, but not EIP. Anyway, any help or direction would be fantastic. Thanks in advance.

Old 11-10-2004, 08:34 PM   #2
Senior Member
Registered: May 2004
Location: california
Distribution: mdklinux8.1
Posts: 1,209

Rep: Reputation: 45
neophytic; attempt to program with C++, C or Visual Basic. From info, are you dealing with a high-speed system? As you know, EIP deals with the program counter, either address or instruction registers.
Logic, constants and counters check: calculate, compare and copy. Or are you dealing with a corporate system? That is another twist.
Old 11-10-2004, 09:03 PM   #3
LQ Newbie
Registered: Nov 2004
Posts: 4

Original Poster
Rep: Reputation: 0
Sorry for being so undescriptive. I created a Fedora Core 2 system to play around on. I created a program in C listed here:

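#include <stdio.h>

void return_input(void)
{
    char array[30];

    gets(array);  /* no bounds check: input longer than the array overflows it */
    printf("%s\n", array);
}

int main(void)
{
    return_input();
    return 0;
}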

Obviously, there is a glaring overflow vulnerability within the return_input function. I compiled the program with gcc using the -mpreferred-stack-boundary=2 -ggdb options listed here:

[neophyte@localhost overflow_pg19]$ gcc -mpreferred-stack-boundary=2 -ggdb overflow.c

/tmp/ccsyJRjA.o(.text+0xb): In function `return_input':
/home/neophyte/code/shellcoders_handbook/overflow_pg19/overflow.c:5: warning: the `gets' function is dangerous and should not be used.

Segmentation Fault (core dumped)


[neophyte@localhost overflow_pg19]$ gdb overflow core.xxxxxx

info registers

And here we have it: ebp is x41414141 (cap A's)
and unfortunately eip is x80483c8

It seems no matter what I do I cannot override eip. There is something obviously limiting this from happening and I'm not sure what it is. Any help would be greatly appreciated. Thanks again!
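
The gcc warning quoted in the post above points at gets(), which cannot be told how large the 30-byte array is. A bounded version of the same function follows as an added example that is not part of the original thread; read_line_bounded and ARRAY_LEN are hypothetical names introduced here, and taking the input stream as a parameter is an assumption made so the function can be exercised on any FILE.

```c
#include <stdio.h>
#include <string.h>

#define ARRAY_LEN 30  /* same size as the post's array[30] */

/* Hypothetical helper (not from the thread): read one line from `in` into
 * buf[0..len-1], never writing past the buffer.
 * Returns 0 if the whole line fit, 1 if it was truncated, -1 on EOF/error. */
int read_line_bounded(FILE *in, char *buf, size_t len)
{
    if (len == 0 || fgets(buf, (int)len, in) == NULL)
        return -1;

    size_t n = strcspn(buf, "\n");
    if (buf[n] == '\n') {          /* complete line: drop the newline */
        buf[n] = '\0';
        return 0;
    }

    /* No newline stored: either the line was too long or input ended.
     * Discard the rest so it is not mistaken for the next line. */
    int c, truncated = 0;
    while ((c = getc(in)) != EOF && c != '\n')
        truncated = 1;
    return truncated;
}

/* Bounded counterpart of the post's return_input(): same 30-byte buffer. */
int return_input(FILE *in)
{
    char array[ARRAY_LEN];
    int rc = read_line_bounded(in, array, sizeof array);

    if (rc >= 0)
        printf("%s%s\n", array, rc ? " [truncated]" : "");
    return rc;
}

int main(void)
{
    return return_input(stdin) < 0;
}
```

With this version, input longer than 29 characters is cut off at the buffer boundary instead of running over the saved EBP and return address.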

Old 11-16-2004, 04:59 PM   #4
LQ Newbie
Registered: Nov 2004
Posts: 2

Rep: Reputation: 0
Fedora Core and some newer versions of Linux come with stack protections. Fedora specifically has Exec Shield by default. Common techniques just won't do, due to the fact Exec Shield will randomize and protect eip from being overwritten. If it's your first time trying to exploit a program, I recommend you disable Exec Shield or get another distro like Slackware 9 or Mandrake.
Old 11-16-2004, 09:12 PM   #5
Senior Member
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
Please do not post the same thread in more than one forum. Picking the most relevant forum and posting it once there makes it easier for other members to help you and keeps the discussion all in one place.

Please direct replies to:
