mailing list archives
Re: Exploiting buffer overflows via protected GCC
From: Marcus Meissner <meissner () suse de>
Date: Mon, 16 Feb 2009 15:06:21 +0100
On Mon, Feb 16, 2009 at 09:00:33AM -0500, ArcSighter Elite wrote:
James Matthews wrote:
I would recommend doing the following things.
1. Ask on the Ubuntu GCC list what protection is implemented. (Or just look
at the source)
2. Use GCC to see where the execution is being redirected and so you can
have a better visual of whats going on.
3. Are you sure the stack is executable?
_fortify_fail is caused by the light weight buffer overflow checking,
enabled by the -D_FORTIFY_SOURCE=2 compile time flag.
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/