btopia
4th May 2011, 05:59 AM
Hi,
I'm running Fedora 14 x86_64.
I have
#cat /proc/sys/kernel/exec-shield
0
#cat /proc/sys/kernel/randomize_va_space
0
However, when I attempted to run the following piece of code, I still got a segmentation fault right at the first instruction after branching onto the address of buf (*fn).
I thought when we have /proc/sys/kernel/exec-shield = 0, then it should be allowed to execute code on the stack?
--------------------------------------------------------------------------
#include <stdio.h>
#include <string.h>

/* 6-byte payload; GDB disassembles it below as
   mov $0x1,%al ; xor %ebx,%ebx ; int $0x80 */
unsigned char shellcode[] = "\xb0\x01\x31\xdb\xcd\x80";

int main()
{
    char buf[512];
    typedef void (*pfn)();

    /* copy only the payload: the original memcpy of 512 bytes read far
       past the end of the 7-byte shellcode array */
    memcpy(buf, shellcode, sizeof(shellcode));
    pfn fn = (pfn)buf;
    (*fn)(); /// Segmentation fault !
    return 0;
}
-----------------------------------------------------------------
Following is the GDB output
(gdb) run
Starting program: /home/kat/t/a.out
Program received signal SIGSEGV, Segmentation fault.
0x00007fffffffdfe0 in ?? ()
Missing separate debuginfos, use: debuginfo-install glibc-2.12.1-3.x86_64 libgcc-4.4.4-10.fc13.x86_64 libstdc++-4.4.4-10.fc13.x86_64
(gdb) x/5i 0x7fffffffdfe0
=> 0x7fffffffdfe0: mov $0x1,%al
0x7fffffffdfe2: xor %ebx,%ebx
0x7fffffffdfe4: int $0x80
0x7fffffffdfe6: add %al,(%rax)
0x7fffffffdfe8: add %al,(%rax)
(gdb)
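The fault lands on the very first instruction at a stack address, which is what a jump into a mapping without the execute bit looks like. The following diagnostic is an added example, not the poster's code: it parses the [stack] entry of /proc/self/maps and reports whether that mapping carries the x permission, which is what actually decides whether calling into buf faults. The maps line format and the [stack] tag are standard Linux procfs conventions; the sample line in the comment is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Parse one /proc/<pid>/maps line and return 1 if the mapping is
 * executable, 0 if not, -1 if the line is not a maps entry.
 * Constructed example line:
 *   7ffd1e3a0000-7ffd1e3c1000 rw-p 00000000 00:00 0   [stack]
 * The permission field is "rwxp"/"rw-p": third character is the x bit. */
int maps_line_is_exec(const char *line)
{
    unsigned long lo, hi;
    char perms[5];
    if (sscanf(line, "%lx-%lx %4s", &lo, &hi, perms) != 3)
        return -1;
    return perms[2] == 'x' ? 1 : 0;
}

/* Return 1 if the maps line carries the given region tag, e.g. "[stack]". */
int maps_line_is_region(const char *line, const char *tag)
{
    return strstr(line, tag) != NULL;
}

/* Walk the live /proc/self/maps of this process and report the [stack]
 * mapping: 1 = executable, 0 = not executable, -1 = not found / no procfs. */
int stack_is_executable(void)
{
    char line[512];
    int result = -1;
    FILE *f = fopen("/proc/self/maps", "r");
    if (!f)
        return -1;
    while (fgets(line, sizeof line, f)) {
        if (maps_line_is_region(line, "[stack]")) {
            result = maps_line_is_exec(line);
            break;
        }
    }
    fclose(f);
    return result;
}

int main(void)
{
    int x = stack_is_executable();
    if (x < 0)
        puts("could not locate [stack] in /proc/self/maps");
    else
        printf("[stack] is %s\n", x ? "executable" : "not executable (a call into a stack buffer will SIGSEGV)");
    return 0;
}
```

Run it under the same kernel settings as the failing program: if it reports the stack as not executable, the exec-shield and randomize_va_space sysctls are not what governs the fault.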