
Setting up system for program debugging buffer overflow

I remember reading a long time ago that if I want to test for buffer overflows on my Linux box I need to set something in the system to allow it to happen. I can't remember exactly what it was for, but I was hoping someone knew what I was talking about.

I want to be able to test my programs for vulnerabilities, and see if the registers are overwritten.

EDIT: I am running Ubuntu 10.04

One option is to use a memory debugger such as Valgrind. Note, however, that Valgrind only tracks buffer overflows on dynamically-allocated memory.

If you have the option to use C++ instead of C, then you can switch to using containers rather than raw arrays, and harness GCC's "checked container" mode (see GCC STL bound checking). I'm sure other compilers offer similar tools.

Another hint (in addition to Oli's answer), when chasing memory bugs with the gdb debugger, is to disable address space layout randomization, with e.g.

 echo 0 > /proc/sys/kernel/randomize_va_space

After doing that, two consecutive runs of the same deterministic program will usually mmap regions at the same addresses (from one run to another), and this helps a lot when debugging with gdb (because then malloc usually gives the same result from one run to another, at the same given location in the run).

You can also use the watch command of gdb. In particular, if in a first run (with ASLR disabled) you figure that the location 0x123456 is changing unexpectedly, you could give gdb the following command in its second run:

 watch * (void**) 0x123456

Then gdb will break when this location changes (sadly, it has to be mmap-ed already).
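As an added example (not part of the answer above), a small script that checks whether ASLR is really off before a gdb session: it reads randomize_va_space, then launches the same deterministic child twice and compares the [heap] and [stack] base addresses parsed from /proc/self/maps. The maps sample in the comments is constructed; region names and the child command are assumptions, not something from the original answer.

```python
"""Check whether address space layout randomization is actually disabled.

With randomize_va_space = 0, the [heap] and [stack] regions of two runs of the
same deterministic program should start at identical addresses; with ASLR on
they move between runs, which is what makes gdb sessions non-reproducible.
"""
import re
import subprocess
import sys
from pathlib import Path

# One /proc/<pid>/maps line: "start-end perms offset dev inode [pathname]"
# e.g. "55d5c2a00000-55d5c2a21000 rw-p 00000000 00:00 0 [heap]"   (constructed)
MAPS_LINE = re.compile(r"^([0-9a-f]+)-([0-9a-f]+)\s+\S+\s+\S+\s+\S+\s+\S+\s*(.*)$")

# Child that only dumps its own memory map; any deterministic program would do.
CHILD = "import sys; sys.stdout.write(open('/proc/self/maps').read())"


def randomize_va_space():
    """Return the kernel's randomize_va_space value (0, 1 or 2), or None off Linux."""
    try:
        return int(Path("/proc/sys/kernel/randomize_va_space").read_text().strip())
    except (OSError, ValueError):
        return None


def region_bases(maps_text, names=("[heap]", "[stack]")):
    """Map each named region in a maps dump to its start address (as an int)."""
    bases = {}
    for line in maps_text.splitlines():
        m = MAPS_LINE.match(line)
        if m and m.group(3).strip() in names:
            bases[m.group(3).strip()] = int(m.group(1), 16)
    return bases


def moved_regions(maps_a, maps_b):
    """Names of regions whose base address differs between two maps dumps."""
    a, b = region_bases(maps_a), region_bases(maps_b)
    return {name for name in a if b.get(name) != a[name]}


def aslr_observed(runs=2):
    """True if heap/stack bases moved between `runs` launches of the child."""
    dumps = [subprocess.run([sys.executable, "-c", CHILD], capture_output=True,
                            text=True, check=True).stdout for _ in range(runs)]
    return any(moved_regions(dumps[0], d) for d in dumps[1:])


if __name__ == "__main__":
    print("randomize_va_space =", randomize_va_space())
    print("heap/stack bases moved between runs:", aslr_observed())
```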
