Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Exploiting buffer overflows via protected GCC
From: Marcus Meissner <meissner () suse de>
Date: Mon, 16 Feb 2009 15:06:21 +0100

On Mon, Feb 16, 2009 at 09:00:33AM -0500, ArcSighter Elite wrote:
James Matthews wrote:
I would recommend doing the following things.

1. Ask on the Ubuntu GCC list what protection is implemented. (Or just look
at the source)
2. Use GCC to see where the execution is being redirected and so you can
have a better visual of whats going on.
3. Are you sure the stack is executable?

_fortify_fail is caused by the light weight buffer overflow checking,
enabled by the -D_FORTIFY_SOURCE=2 compile time flag.

Ciao, Marcus

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]