How to turn off gcc compiler optimization to enable buffer overflow

by

That’s a good problem. In order to solve that problem you will also have to disable ASLR otherwise the address of g() will be unpredictable.

Disable ASLR:

sudo bash -c 'echo 0 > /proc/sys/kernel/randomize_va_space'

Disable canaries:

gcc overflow.c -o overflow -fno-stack-protector

After canaries and ASLR are disabled it should be a straight forward attack like the ones described in Smashing the Stack for Fun and Profit

Here is a list of security features used in ubuntu: https://wiki.ubuntu.com/Security/Features You don’t have to worry about NX bits, the address of g() will always be in a executable region of memory because it is within the TEXT memory segment. NX bits only come into play if you are trying to execute shellcode on the stack or heap, which is not required for this assignment.

Now go and clobber that EIP!

More Related Contents:

  1. Disable all optimization options in GCC
  2. C optimisation of string literals
  3. Is it possible to tell the branch predictor how likely it is to follow the branch?
  4. Why does this memory address %fs:0x28 ( fs[0x28] ) have a random value?
  5. Compiler changes printf to puts
  6. Why is gcc allowed to speculatively load from a struct?
  7. How to prevent scanf causing a buffer overflow in C?
  8. Is there a 128 bit integer in gcc?
  9. Scanf skips every other while loop in C
  10. Why does GCC allocate more space than necessary on the stack, beyond what’s needed for alignment?
  11. Is an empty initializer list valid C code?
  12. Working of fork() in linux gcc [duplicate]
  13. How does GCC implement variable-length arrays?
  14. Where is PATH_MAX defined in Linux?
  15. How to verify if a void pointer (void *) is one of two data types?
  16. typeof operator in C
  17. Recommended gcc warning options for C [closed]
  18. Build .so file from .c file using gcc command line
  19. Can I mix static and shared-object libraries when linking?
  20. Disable variable-length automatic arrays in gcc
  21. Why can’t local variable be used in GNU C basic inline asm statements?
  22. Create statically-linked binary that uses getaddrinfo?
  23. Installing OpenMP on Mac OS X 10.11
  24. Yet Another MinGW “gcc: error: CreateProcess: No such file or directory”
  25. Why do I get a warning every time I use malloc?
  26. Implementation of sizeof operator
  27. Pointer arithmetic when void has unknown size [closed]
  28. How to compile executable for Windows with GCC with Linux Subsystem?
  29. Why does static initialization of flexible array member work?
  30. What is the effect of second argument in _builtin_prefetch()?

Leave a Comment