Tagged Questions
1
vote
1 answer
59 views
Bypass va_randomize_space and stack-protector
Is a program compiled with the GCC -fstack-protector option and running in a Linux environment with the va_randomize_space kernel variable set to 1, totally protected against buffer overflow attacks?
...
1
vote
1 answer
136 views
Can exploit vulnerability if program started with gdb, but segfaults if started without gdb
I'm currently trying to exploit a simple program called basic_vuln.c
#include <stdio.h>
#include <string.h>
int main(int argc, char** argv) {
    char buf[64];
    strcpy(buf, argv[1]);
}
I'm using xubuntu ...
1
vote
2 answers
158 views
Linux kernel 3.2 syscalls
Just trying to get the assembler instructions for <__execve> of the code below because I want to build the shell spawn opcode list:
#include <stdio.h>
int main()
{
char *happy[2];
...
1
vote
1 answer
588 views
Any reasons to why not use randomize_va_space?
I've been looking a bit into kernel options for hardening, and there is one that seems to be a good idea to deploy - randomize_va_space. But before I activate that feature I started a Google search, ...
4
votes
2 answers
473 views
Difference between vulnerabilities on windows/linux/mac for same program
If someone finds a vulnerability like buffer overflow in a program such as Google Chrome or Mozilla Firefox running on a Linux machine, are there any chances that this vulnerability will persist on ...
10
votes
7 answers
1k views
Secure memcpy for pure C
Buffer overflows are nothing new. And yet they still appear often, especially in native (i.e. not managed) code...
Part of the root cause is usage of "unsafe" functions, including C++ staples ...