- 12-24-2010 #1
Does Linux Have A Way To Protect Itself Against Buffer Overflows?
Hello guys!
I have a question about buffer overflow, in this program:
Code:
#include <stdio.h>
#include <string.h>
int main(int argc, char **argv) {
    char buf[10];                /* 10-byte buffer on the stack */
    if (argc < 2) return 1;
    strcpy(buf, argv[1]);        /* no length check: overflows buf for arguments longer than 9 characters */
    printf("%s\n", buf);
    return 0;
}
When I try to make this program overflow in memory:
Code:
[Barakat/at/System ~]$ gdb buff
GNU gdb (GDB) Fedora (7.1-34.fc13)
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "i686-redhat-linux-gnu".
For bug reporting instructions, please see:
<>...
Reading symbols from /home/Barakat/buff...(no debugging symbols found)...done.
(gdb) run AAAAAAAAAAAAAAAAAAAAAAAAAAAA
Starting program: /home/Barakat/buff AAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAA
Program received signal SIGSEGV, Segmentation fault.
0x08048434 in main ()
Missing separate debuginfos, use: debuginfo-install glibc-2.12.1-4.i686
(gdb) info registers
eax 0x0 0
ecx 0xbcd4e0 12375264
edx 0xbce340 12378944
ebx 0xbccff4 12374004
esp 0xbffff26c 0xbffff26c
ebp 0x41414141 0x41414141
esi 0x0 0
edi 0x0 0
eip 0x8048434 0x8048434 <main+64>
eflags 0x210246 [ PF ZF IF RF ID ]
cs 0x73 115
ss 0x7b 123
ds 0x7b 123
es 0x7b 123
fs 0x0 0
gs 0x33 51
(gdb)
It should be like this:
Code:
Program received signal SIGSEGV, Segmentation fault.
0x41414141 in ?? ()
(gdb) info registers
eax 0x0 0
ecx 0x1000 4096
edx 0xd1c448 13747272
ebx 0xd1aff4 13742068
esp 0xbfffdcd0 0xbfffdcd0
ebp 0x41414141 0x41414141
esi 0x0 0
edi 0xa38cc0 10718400
eip 0x41414141 0x41414141
eflags 0x210286 [ PF SF IF RF ID ]
cs 0x73 115
ss 0x7b 123
ds 0x7b 123
es 0x7b 123
fs 0x0 0
gs 0x33 51
(gdb)
So that A (41 in hex) should be written on the EIP, but that didn't happen.
Does Linux have a way to protect itself against buffer overflows so that the buffer overflow fails?
I can't continue with the book that I read because of this. In a few words, I'm stuck now...
Last edited by Barakat; 12-24-2010 at 11:57 PM.
- 12-25-2010 #2
The instruction pointer (EIP) is a register. By writing to buf, you are writing to memory. You cannot affect a register by writing to memory.
You are receiving a segmentation fault because you are writing to unallocated memory. Basically, you allocated ten bytes on your stack for the buf array, but are writing past it.
A buffer overflow attack would require having special allocated memory that is overwritten. I won't go into too many details, but it would basically require writing further up on the stack to overwrite something like the return address.
In general, Linux does not have anything to protect itself against buffer overflow attacks. However, this attack appears to be assuming a particular layout, with local variables allocated above the return address, which is not the case.
Newer versions of gcc do contain a -fstack-protector option that adds checks for stack smashing attacks. You can see a bit more detail by checking the gcc man page for this option.
If you tell us exactly what the attack you are attempting is trying to do, we may be able to provide more advice.
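The check that the -fstack-protector option mentioned in the reply adds, sketched as an added example that is not part of the thread: a guard value sits between the buffer and the saved registers and is compared before the function returns, and a bounded copy rejects the oversized argument in the first place. The frame layout, the guard and saved-register values, and the names run_model, canary_intact and bounded_copy are assumptions made for illustration; real frame layouts depend on the compiler and its flags.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 10           /* same size as buf in the posted program */
#define CANARY   0x00c0ffeeu  /* constructed guard; real ones are random per process */

/* 28 bytes, the argument used in the gdb run above */
static const char LONG_ARG[] = "AAAAAAAAAAAAAAAAAAAAAAAAAAAA";

/* Simplified frame model (assumed layout): buffer, guard, saved EBP, return address. */
struct frame_model {
    char     buf[BUF_SIZE];
    uint32_t canary;
    uint32_t saved_ebp;
    uint32_t ret_addr;
};

/* Models strcpy(buf, input): no check against BUF_SIZE. The copy is clipped to
 * the model struct so the demo itself never writes out of bounds. */
struct frame_model run_model(const char *input) {
    struct frame_model f = { "", CANARY, 0x11111111u, 0x22222222u }; /* constructed values */
    size_t n = strlen(input) + 1;
    if (n > sizeof f) n = sizeof f;
    memcpy((char *)&f, input, n);
    return f;
}

/* The comparison a protected function makes before it returns; on a mismatch
 * the real runtime aborts instead of using the saved return address. */
int canary_intact(struct frame_model f) { return f.canary == CANARY; }

/* Bounded alternative to the strcpy call: refuse input that does not fit. */
int bounded_copy(char *dst, size_t dstsz, const char *src) {
    size_t n = strlen(src);
    if (n >= dstsz) return -1;   /* would overflow: leave dst untouched */
    memcpy(dst, src, n + 1);     /* copy including the terminating NUL */
    return 0;
}

int main(void) {
    struct frame_model f = run_model(LONG_ARG);
    char buf[BUF_SIZE] = "";
    printf("saved_ebp=0x%08x canary_intact=%d\n", (unsigned)f.saved_ebp, canary_intact(f));
    printf("bounded_copy(long)=%d bounded_copy(short)=%d\n",
           bounded_copy(buf, sizeof buf, LONG_ARG), bounded_copy(buf, sizeof buf, "hello"));
    return 0;
}
```

When the posted program itself is built with gcc -fstack-protector, overwriting the guard makes glibc abort the process with a "stack smashing detected" message rather than returning.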