Re: "Moving" Stack: my poor return address!

From: Alexander Klimov (alserkliinbox.ru)
Date: Wed Aug 02 2006 - 04:14:07 CDT


On Mon, 31 Jul 2006, Jack C wrote:
> I'm running on Fedora 5. Is this a security thing that's new in the past
> 2 years or so since I've coded one of these?

Yes, many distributions now use address space randomization by
default.

> Is there any way I can either (1) make the stack sit still so I can
> point into it

<http://gcc.gnu.org/wiki/Randomization>:
 To disable randomization for a shell session:
   setarch $(uname -p) -RL bash
 To disable randomization for the whole system, add this to
 /etc/sysctl.conf:
   kernel.randomize_va_space = 0
 After that, run 'sysctl -p' as root to update the kernel without
 rebooting.

> or (2) find out where it is during execution?

Just printf the address of some local variable (they are allocated on
the stack).

--
Regards,
ASK
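
The two switches named in the reply (the `kernel.randomize_va_space` sysctl and `setarch -R`) can be checked from inside a process, which is useful for confirming that randomization is back on after a debugging session. The following is an added example, not part of the original message; it is Linux-only and the function names are hypothetical.

```c
/* Added example (not from the original post): is stack ASLR active here? */
#include <stdint.h>
#include <stdio.h>
#include <sys/personality.h>

/* Parse the text of /proc/sys/kernel/randomize_va_space; -1 if malformed. */
int parse_randomize_va_space(const char *text)
{
    int v;
    return (text && sscanf(text, "%d", &v) == 1 && v >= 0 && v <= 2) ? v : -1;
}

/* Read the live sysctl value; -1 if it cannot be read. */
int read_randomize_va_space(void)
{
    char buf[16];
    FILE *f = fopen("/proc/sys/kernel/randomize_va_space", "r");
    if (f == NULL)
        return -1;
    char *line = fgets(buf, sizeof buf, f);
    fclose(f);
    return parse_randomize_va_space(line);
}

/* ASLR applies only if sysctl > 0 and ADDR_NO_RANDOMIZE (set by setarch -R) is clear. */
int aslr_in_effect(int sysctl_value, unsigned long persona)
{
    return sysctl_value > 0 && !(persona & ADDR_NO_RANDOMIZE);
}

/* Store the address of a local variable, i.e. a point in this stack frame. */
void stack_probe(uintptr_t *out)
{
    volatile int local = 0;
    *out = (uintptr_t)&local;
}

int main(void)
{
    uintptr_t addr;
    int p = personality(0xffffffff); /* query only, changes nothing */
    unsigned long persona = p < 0 ? 0UL : (unsigned long)p;
    int v = read_randomize_va_space();
    stack_probe(&addr);
    printf("randomize_va_space=%d aslr_in_effect=%d local=0x%lx\n",
           v, aslr_in_effect(v, persona), (unsigned long)addr);
    return 0;
}
```

With randomization in effect the printed address differs from run to run; under `setarch -R` or with the sysctl at 0 it stays the same.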