Hi all,

As part of a course assignment I need to write exploit code to cause a buffer overflow and execute code that is present on the stack.

I have turned off stack randomization with the following command: sysctl -w kernel.randomize_va_space=0. However, I am unable to find a way to turn off the stack execution protection. I am not sure whether there is some stack exec protection in Ubuntu or not... so my first question is whether there is something like Red Hat's Exec Shield in Ubuntu 8.10 and, if there is, how can we turn it off.

I have been trying to cause a buffer overflow and execute instructions from the stack, but whenever I try to do so, it gives me a seg fault.

I've got Ubuntu 8.10 64-bit, HOWEVER, the program I'm debugging is compiled on an i386 machine with stack protection turned off.

Regards, Numan

+4  A: 

Would this link help?

jpalecek
Thanks a lot man, you are a life saver.
A: 

This doesn't work. There must be another stack protection in Ubuntu that prevents the overwriting of the EIP.

A: 

You probably want to compile with the -z execstack flag in your GCC compilation, along with -fno-stack-protector (to disable GCC's SSP/ProPolice stack protection), i.e.:

gcc -fno-stack-protector -z execstack -o vuln vuln.c

Everything should probably turn out jake after this. Note that sysctl -w kernel.randomize_va_space=0 is just address space randomization, and not stack protection per se, which can be brute forced against.

Mustapha Isyaku-Rabiu
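As an added example (not from any of the posters above), a small POSIX shell audit for the two settings this thread turns on: whether a binary was linked with an executable stack (the PT_GNU_STACK program header that -z execstack sets) and what kernel.randomize_va_space is configured to. It assumes readelf from binutils is installed for the live check; the readelf-style lines embedded below are constructed samples, not output from a real build.

```shell
#!/bin/sh
# Added example: audit executable-stack and ASLR state (not code from the thread).

# Read `readelf -lW <binary>` output on stdin and classify the GNU_STACK header:
#   "executable"     - flags contain E (what `-z execstack` produces)
#   "non-executable" - GNU_STACK present, RW only (the hardened default)
#   "missing"        - no GNU_STACK header at all (old toolchains; the loader then
#                      falls back to an executable stack on many x86 systems)
gnu_stack_state() {
    awk '
        $1 == "GNU_STACK" {
            found = 1
            state = "non-executable"
            # readelf prints the flag column as R/W/E letters, e.g. "RW " or "RWE"
            for (i = 2; i <= NF; i++) if ($i ~ /^R?W?E$/) state = "executable"
            print state
            exit
        }
        END { if (!found) print "missing" }
    '
}

# Live check of a file on disk (requires readelf).
check_binary() {
    readelf -lW "$1" | gnu_stack_state
}

# Interpret the value of kernel.randomize_va_space read from stdin
# (e.g. `sysctl -n kernel.randomize_va_space | aslr_state`).
aslr_state() {
    case "$(cat)" in
        0) echo "disabled" ;;
        1) echo "conservative (stack, mmap, vdso and shared libraries randomized)" ;;
        2) echo "full (brk/heap base randomized as well)" ;;
        *) echo "unknown" ;;
    esac
}

# Constructed sample lines in readelf -lW layout (assumption: not from a real binary).
SAMPLE_EXECSTACK='  GNU_STACK      0x000000 0x0000000000000000 0x0000000000000000 0x000000 0x000000 RWE 0x10'
SAMPLE_NX='  GNU_STACK      0x000000 0x0000000000000000 0x0000000000000000 0x000000 0x000000 RW  0x10'
SAMPLE_NOHDR='  LOAD           0x000000 0x0000000000400000 0x0000000000400000 0x000614 0x000614 R E 0x200000'

# Usage on a real file: check_binary ./vuln
```

Run `check_binary ./vuln` after the gcc line above to confirm the stack really is executable; a RW-only result means the toolchain or distribution defaults overrode -z execstack.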