
Thread: Segmentation fault

  1. #11
    Join Date
    Nov 2005
    Location
    Bordeaux, France
    Beans
    11,297
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Segmentation fault

    Some comments:

    As you see, the string does not just consist of the address of bar (last 4 bytes), but also some gibberish before it (there is nothing sacred about "1234", it could be anything). This is because we are trying to overwrite the return address. On my machine, the stack looks like this:

    Code:
    +----------------+
    | return address |   buf[22-25]
    +----------------+
    |  saved ebp     |   buf[18-21]
    +----------------+
    |   buf[14-17]   |
    +----------------+
    |   buf[10-13]   |
    +----------------+
    |   buf[6-9]     |
    +----------------+
    |   buf[2-5]     |
    +--------+-------+
    |        |buf[0-1]
    +--------+-------+
    So in order to overwrite the return address, we need to write on buf[22] to buf[25]. I suspect that in order to not segfault at all, we would need to write a good value on the saved ebp as well...

    Quote Originally Posted by trent.josephsen View Post
    That is what should generally happen when you overflow a buffer (and thereby scribble on memory you don't own). If you think there's a reason your code should not segfault, please post it.
    The point is that here we are writing on memory that we own, but shouldn't write to. This is why the x86 arch is so bad from a security standpoint: it trusts that you are not going to write to some places, even though you technically can because you own them.
    Last edited by Bachstelze; November 16th, 2012 at 06:18 PM.
    "I'll be back by the evening of the day after tomorrow."


  2. #12
    Join Date
    Nov 2005
    Location
    Bordeaux, France
    Beans
    11,297
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Segmentation fault

    Also...

    Quote Originally Posted by goldy2425 View Post
    I am new to linux and need urgent help.
    I have no idea why something like this would be so urgent. If you want to use it for a prank, grow up. If it's homework, I suggest you actually pay attention in class.
    "I'll be back by the evening of the day after tomorrow."


  3. #13
    Join Date
    Nov 2012
    Beans
    4

    Re: Segmentation fault

    Thanks everyone for the quick response, I really appreciate that.
    @Bachstelze I have to give a presentation on buffer overflow attack with a small demo. I am trying my best to make a small program to demonstrate this attack. I have turned off all the security but it is still giving me the same error...
    Quote Originally Posted by Bachstelze View Post
    Also...
    I have no idea why something like this would be so urgent. If you want to use it for a prank, grow up. If it's homework, I suggest you actually pay attention in class.
    Last edited by lisati; November 16th, 2012 at 11:01 PM. Reason: Edit font to comply with CoC

  4. #14
    Join Date
    Nov 2005
    Location
    Bordeaux, France
    Beans
    11,297
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Segmentation fault

    Then you should tell whoever asked you to give a presentation on this that you do not have the necessary knowledge and to ask someone else.
    "I'll be back by the evening of the day after tomorrow."


  5. #15
    Join Date
    Jun 2007
    Location
    Maryland, US
    Beans
    6,239
    Distro
    Kubuntu

    Re: Segmentation fault

    Quote Originally Posted by goldy2425 View Post
    ... I have to give a presentation on buffer overflow attack with a small demo.
    Depending on the audience at your demo, you may want to avoid any embarrassment from using the function strcpy().

    Anybody who has any background with Information Assurance (IA) knows that function is considered evil and its use should be avoided. Only an amateur programmer would use strcpy().

    Use strncpy() (or better yet, strlcpy() if available) instead.
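The point this post makes, shown side by side in working code. This is an added example and not code from the thread or from any poster: the buffer size `NAME_MAX` (16) and the two inputs are constructed, and because `strlcpy()` is not in every libc a local `bounded_strlcpy()` with the same contract (copy at most size-1 bytes, always NUL-terminate, return `strlen(src)`) stands in for it. The `strcpy()` form is kept only for comparison and is never called with oversized input; the example also shows the caveat that `strncpy()` by itself does not guarantee a terminator.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Constructed buffer size for the demonstration; the thread's own buffer differs. */
#define NAME_MAX 16

/* The form criticised in the post: strcpy() copies until the source NUL byte
 * and never looks at the destination size, so any input of NAME_MAX bytes or
 * more writes past `dst`. Shown for comparison only; never called here. */
void copy_name_unsafe(char dst[NAME_MAX], const char *src)
{
    strcpy(dst, src);
}

/* Local stand-in for strlcpy(), which is not in every libc: copies at most
 * size-1 bytes, always NUL-terminates, and returns strlen(src) so the caller
 * can detect truncation by comparing the result against `size`. */
size_t bounded_strlcpy(char *dst, size_t size, const char *src)
{
    size_t src_len = strlen(src);
    if (size == 0)
        return src_len;
    size_t n = src_len < size ? src_len : size - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return src_len;
}

/* Length actually stored when `src` is copied into a NAME_MAX buffer with
 * the bounded routine; always at most NAME_MAX - 1. */
size_t stored_length(const char *src)
{
    char buf[NAME_MAX];
    (void)bounded_strlcpy(buf, sizeof buf, src);
    return strlen(buf);
}

/* 1 if copying `src` into a NAME_MAX buffer lost data, 0 otherwise. */
int was_truncated(const char *src)
{
    char buf[NAME_MAX];
    return bounded_strlcpy(buf, sizeof buf, src) >= sizeof buf;
}

/* The strncpy() caveat: strncpy(dst, src, n) writes exactly n bytes and adds
 * no NUL when strlen(src) >= n, so the result is not a C string. Returns 1 if
 * a terminator ended up inside the buffer, 0 if not. (Writing n bytes into an
 * n-byte buffer stays in bounds, so this check itself is well defined.) */
int raw_strncpy_terminated(const char *src)
{
    char buf[NAME_MAX];
    strncpy(buf, src, sizeof buf);
    return memchr(buf, '\0', sizeof buf) != NULL;
}

/* Correct use of strncpy(): copy one byte less and terminate explicitly. */
void copy_name_strncpy(char *dst, size_t size, const char *src)
{
    if (size == 0)
        return;
    strncpy(dst, src, size - 1);
    dst[size - 1] = '\0';
}

int main(void)
{
    /* Constructed inputs: one that fits, one that is longer than the buffer. */
    const char *inputs[] = { "Bordeaux", "0123456789ABCDEFGHIJ" };
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        char out[NAME_MAX];
        copy_name_strncpy(out, sizeof out, inputs[i]);
        printf("%-22s stored=%zu truncated=%d raw_strncpy_terminated=%d via_strncpy=\"%s\"\n",
               inputs[i], stored_length(inputs[i]), was_truncated(inputs[i]),
               raw_strncpy_terminated(inputs[i]), out);
    }
    return 0;
}
```

On systems that ship `strlcpy()` the stand-in can be dropped in favour of the real function; it follows the same return convention, so the `>= sizeof buf` truncation check is unchanged. The second input shows why the post prefers `strlcpy()` over plain `strncpy()`: the bounded copy silently keeps 15 bytes and a terminator, while a bare `strncpy()` of the same input leaves no NUL in the buffer at all.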

  6. #16
    Join Date
    Nov 2005
    Location
    Bordeaux, France
    Beans
    11,297
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Segmentation fault

    Quote Originally Posted by dwhitney67 View Post
    Anybody who has any background with Information Assurance (IA) knows that function is considered evil and its use should be avoided. Only an amateur programmer would use strcpy().
    The problem is that there are a lot of mediocre ("amateur" is not the correct word since they get paid, sometimes a lot) programmers in the world, writing code that gets used in real programs. If the purpose is to demonstrate how to exploit real programs, then of course you are going to need a poorly written one. If the program is correctly written, there is nothing to exploit.

    (As an aside, this is why I'm not terribly interested in software security. Taking advantage of people's stupidity and/or ignorance is only fun for so long.)
    Last edited by Bachstelze; November 16th, 2012 at 11:22 PM.
    "I'll be back by the evening of the day after tomorrow."


  7. #17
    Join Date
    Jun 2007
    Location
    Porirua, New Zealand
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: Segmentation fault

    Quote Originally Posted by schauerlich View Post
    So, it's a hack-y way to get a printout of the stack without GDB and friends. It's a hack, platform specific, and not guaranteed to work in other environments.
    Thank you for the explanation. I know just enough C to know that something didn't look quite right.
    Forum DOs and DON'Ts
    Never assume that information you find using a search engine is up-to-date.
