Thursday, May 11, 2006

Linux Stack Randomization

The Linux kernel now randomizes the stack pointer, making straightforward buffer overflows a bit of a pain to do now. According to Buffer Overflows: Exploit, Attack, Prevent, it's been in the kernel since 2.4.20 (but for hyperthreading, not security purposes). This message from the LKML seems to confirm this, and from what I understand, the randomization is done over a fairly large space.

Plus, some experimentation I did today seems to show that setting environment variables changes the stack pointer as well. I'm not 100% sure if this is true, or why, but I think I need more information about what the memory layout for a process looks like. Also, I seem to have gotten a buffer overflow to work in a 2.6.15 kernel with static addresses, in spite of the stack randomization. However, I don't exactly know how, or if I can reproduce it.
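Both observations above (the stack moving between runs, and environment variables shifting it) can be checked from inside a process. The following is an added example, not code from the original post: it reads the kernel's ASLR switch, records where its own frame sits, and locates the environment block. It relies on two Linux facts: the sysctl lives at /proc/sys/kernel/randomize_va_space, and the kernel copies argv and envp strings to the very top of the process stack, so every frame below them is pushed lower by roughly the size of the environment. The function names are this example's own.

```c
/* Added example (not from the original post): observe the kernel's ASLR
 * setting, this frame's address, and the environment block from one process.
 * Linux-specific: /proc/sys/kernel/randomize_va_space and the fact that
 * envp strings are laid out at the top of the stack. */
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <string.h>

extern char **environ;

/* Kernel setting: 0 = randomization off, 1 = stack/mmap/vdso randomized,
 * 2 = brk randomized as well. Returns -1 if unreadable (non-Linux, restricted /proc). */
int aslr_setting(void)
{
    FILE *f = fopen("/proc/sys/kernel/randomize_va_space", "r");
    if (!f) return -1;
    int v = -1;
    if (fscanf(f, "%d", &v) != 1) v = -1;
    fclose(f);
    return (v >= 0 && v <= 2) ? v : -1;
}

/* Address of a local in this frame; differs between runs when ASLR is on. */
uintptr_t frame_address(void)
{
    volatile int marker = 0;
    return (uintptr_t)&marker;
}

/* Highest address among the environment strings, i.e. the block the kernel
 * placed at the top of the stack. 0 if the environment is empty. */
uintptr_t env_block_top(void)
{
    uintptr_t hi = 0;
    for (char **e = environ; e && *e; e++)
        if ((uintptr_t)*e > hi) hi = (uintptr_t)*e;
    return hi;
}

/* Bytes of environment strings including NUL terminators. Growing this
 * pushes every frame below the environment to a lower address. */
size_t env_bytes(void)
{
    size_t n = 0;
    for (char **e = environ; e && *e; e++) n += strlen(*e) + 1;
    return n;
}

/* 1 if the environment block lies above this function's frame (the Linux
 * layout behind the post's observation), 0 otherwise. */
int env_above_frame(void)
{
    return env_block_top() > frame_address();
}

int main(void)
{
    printf("randomize_va_space = %d\n", aslr_setting());
    printf("frame address      = %#lx\n", (unsigned long)frame_address());
    printf("env block top      = %#lx (%zu bytes of strings)\n",
           (unsigned long)env_block_top(), env_bytes());
    printf("env above frame    = %s\n", env_above_frame() ? "yes" : "no");
    return 0;
}
```

Run it twice: with randomize_va_space at 1 or 2 the frame address changes between runs; at 0 it stays fixed, which is the first thing to check on a host where randomization seems absent. Run it once more with a large extra variable in the environment and the frame address drops by about the added size, which is the effect the post noticed when setting environment variables.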

Oh well, back to the drawing board.

