Monday, January 19, 2009

Turning off GCC Stack Smashing Protection

When trying to test my code against stack smashing, I'm stuck when the stack smashing protection always disturb me and terminate the program. Thats really frustrated because I'm just want to learn buffer overflow attack. After a short research and googling, I wrote this short tutorial for my own reminder if i forgot it in the next time.

What is stack Smashing protection?

From http://www.trl.ibm.com/projects/security/ssp/ .

It is a GCC (Gnu Compiler Collection) extension for protecting applications from stack-smashing attacks. Applications written in C will be protected by the method that automatically inserts protection code into an application at compilation time. The protection is realized by buffer overflow detection and the variable reordering feature to avoid the corruption of pointers. The basic idea of buffer overflow detection comes from StackGuard system.

How to Bypass SSP?

Let say our program named unprotect.c. To bypass the stack smashing protection, we just compile it with -fno-stack-protector option.

for example:

user@user:~$ gcc -fno-stack-protector unprotect.c -o unprotect


so, when we text the code, the SSP is not activated when we smash the stack.

for example:


user@user:~$printf "%0516x" | ./unprotect
user@user:~$Segmentation fault


yahoo.. we did it..

4 comments:

Anonymous said...

tak faham la bro. Kat mana leh guna benda ni

example010 said...

bende ni gune mase nak compile c code gne gcc.. sbb latest version gcc protect file dari stack smashing.. sori bro, penerangan tak clear sgt sbb aku ingt nak gne sbgai reminder aku je.. hehe

Jeremy said...

You didn't "bypass" the protection, as in get around it-- you just turned it off when you compiled your program. But good luck with the stack smashing.

example010 said...

Thanks for your comment and sorry for the wrong title.. i already repair the title.. Thank you