
Re: non-executable stack (via PT_GNU_STACK) not being enforced



On Wed, Oct 13, 2010 at 10:58:05AM -0400, Brchk05 wrote:
> <PATERNAL WARNING>: the shellcode below launches /bin/sh.  It is from
> Aleph One's Smashing the Stack for Fun and Profit.  It is generally a
> bad idea to blindly run someone else's shellcode on your machine since
> you don't know what it will do (unless you've analyzed it).  You can
> and should verify that the following shellcode is the same as listed
> in Aleph One's article (found easily via Google) before running this
> example.</WARNING>

Linked from the wiki URL I gave earlier is a set of NX tests that only
depend on the "return" machine code instruction to do the NX tests (so it
is easier to show that it is not evil machine code):

http://bazaar.launchpad.net/~ubuntu-bugcontrol/qa-regression-testing/master/files/head%3A/scripts/kernel-security/nx/

$ make
...
$ ./nx-test
Usage: ./nx-test [data|bss|stack|brk|mmap|mmap-exec]

To check your stack, here it is, being protected:

$ ./nx-test stack
...
Attempting to execute function at 0x7fff00a5f86c
If this program seg-faults, the region was enforced as non-executable...
Segmentation fault

or here it is without enforcement:

$ ./nx-test stack
...
Attempting to execute function at 0x7fff00a5f86c
If this program seg-faults, the region was enforced as non-executable...
Unexpected: returned from function that was marked non-executable.
NX segment markings are not being enforced.


You can check all kinds of memory regions in the ELF, though this is really
only useful when examining NX emulation.

-Kees

-- 
Kees Cook                                            @debian.org

