Linux Stack Protection By Default

Modern gcc compiler (v9.2.0) protects the stack by default and you will notice it because instead of SIGSEGV on stack overflow you will get a SIGABRT, but it also generates coredumps.

In this case the compiler adds the variable local_10. This variable helds a canary value that is checked at the end of the function.
The memset overflows the four bytes stack variable and modifies the canary value.

The 64bits canary 0x5429851ebaf95800 can't be predicted, but in specific situations is not re-generated and can be bruteforced or in other situations can be leaked from memory for example using a format string vulnerability or an arbitrary read wihout overflowing the stack.

If the canary doesn't match, the libc function __stack_chck_fail is called and terminates the prorgam with a SIGABORT which generates a coredump, in the case of archlinux managed by systemd and are stored on "/var/lib/systemd/coredump/"


❯❯❯ ./test 
*** stack smashing detected ***: terminated
fish: './test' terminated by signal SIGABRT (Abort)

❯❯❯ sudo lz4 -d core.test.1000.c611b7caa58a4fa3bcf403e6eac95bb0.1121.1574354610000000.lz4
[sudo] password for xxxx: 
Decoding file core.test.1000.c611b7caa58a4fa3bcf403e6eac95bb0.1121.1574354610000000 
core.test.1000.c611b : decoded 249856 bytes 

 ❯❯❯ sudo gdb /home/xxxx/test core.test.1000.c611b7caa58a4fa3bcf403e6eac95bb0.1121.1574354610000000 -q 

We specify the binary and the core file as a gdb parameters. We can see only one LWP (light weight process) or linux thread, so in this case is quicker to check. First of all lets see the back trace, because in this case the execution don't terminate in the segfaulted return.

We can see on frame 5 the address were it would had returned to main if it wouldn't aborted.

Happy Idea: we can use this stack canary aborts to detect stack overflows. In Debian with prevous versions it will be exploitable depending on the compilation flags used.
And note that the canary is located as the last variable in the stack so the previous variables can be overwritten without problems.

Related posts

1. What Is Hacking Tools
2. Hacking Apps
3. Hack Tools Pc
4. Tools 4 Hack
5. Tools 4 Hack
6. Hacker
7. Tools For Hacker
8. Ethical Hacker Tools
9. Hacker Search Tools
10. Kik Hack Tools
11. Hacking Tools Windows 10
12. Best Hacking Tools 2020
13. Hacks And Tools
14. Hacker Tools
15. Hacking Tools Name
16. Hacking Tools For Mac
17. Hacker Tools Apk
18. Hacker Tools List
19. Beginner Hacker Tools
20. Hacker
21. Hacking Apps
22. Pentest Tools Tcp Port Scanner
23. Pentest Tools Website Vulnerability
24. Hak5 Tools
25. Install Pentest Tools Ubuntu
26. What Are Hacking Tools
27. Pentest Tools Find Subdomains
28. Pentest Tools List
29. Install Pentest Tools Ubuntu
30. Hacking Tools For Kali Linux
31. Pentest Tools Subdomain
32. Pentest Reporting Tools
33. Hacker Tools For Ios
34. Pentest Tools Kali Linux
35. Hacking Tools
36. Hacker Tools
37. Pentest Tools Website Vulnerability
38. Best Pentesting Tools 2018
39. Hacker Tools For Pc
40. Pentest Tools Online
41. Black Hat Hacker Tools
42. Pentest Reporting Tools
43. Computer Hacker
44. Install Pentest Tools Ubuntu
45. Hacker Tools Free Download
46. Hacking Tools Hardware
47. Pentest Tools Kali Linux
48. Pentest Tools Framework
49. Pentest Tools For Mac
50. Hack Tools Github
51. Hacker Tool Kit
52. Hacking Tools 2019
53. Hack Tools
54. Hacker Tools For Ios
55. Hacking Tools Windows 10
56. Usb Pentest Tools
57. Hacker Tools Free
58. Nsa Hack Tools
59. Hacking Tools
60. Hacking Tools Software
61. Bluetooth Hacking Tools Kali
62. Hack Tools For Windows
63. Hacking Tools 2020
64. Hacker Tools Hardware
65. Usb Pentest Tools
66. Pentest Tools Url Fuzzer
67. Nsa Hack Tools Download
68. Hacker
69. Hacking Apps
70. Pentest Tools Bluekeep
71. Hacker Tools List
72. Pentest Tools Bluekeep
73. Bluetooth Hacking Tools Kali
74. Hacker Tools Apk Download
75. Hacker Tools For Mac
76. Hacking Tools Free Download
77. Tools 4 Hack
78. Nsa Hacker Tools
79. Hacking Tools Windows
80. Hacker Tools Hardware
81. Hacker Tools For Ios
82. Pentest Tools Windows
83. Hack Tools Pc
84. Hacking Tools Hardware
85. Github Hacking Tools
86. New Hacker Tools
87. Hacker Tools For Mac
88. Hack Tools Mac
89. Hacker Tools Mac
90. Hack Tool Apk No Root
91. Underground Hacker Sites
92. Pentest Automation Tools
93. Hacker Tools Online
94. Hacking Tools Online
95. Pentest Tools Online
96. Hacker Tools Mac
97. Hack And Tools
98. Hack Tools For Games
99. Hack Apps
100. Hack Tools
101. Pentest Tools Framework
102. Hacker Tools For Pc
103. Hacking Tools 2020
104. Hack And Tools
105. Hacking Tools Windows
106. Top Pentest Tools
107. Hacker Tools For Ios
108. Hack Tools
109. Pentest Tools Bluekeep
110. Hacker Tools Apk
111. Hacker Tool Kit
112. Pentest Tools Url Fuzzer
113. Hacker Tools Linux
114. Hacker Tools Online
115. Top Pentest Tools
116. Hacker Tool Kit
117. Usb Pentest Tools
118. Pentest Tools Subdomain
119. Hacking Tools For Pc
120. Pentest Tools Review
121. Hacking Tools Kit
122. Hack Tools For Mac
123. Pentest Tools Find Subdomains
124. Hacker Tools Apk
125. Hackrf Tools
126. Android Hack Tools Github
127. Hacker Tools List
128. Hacking Tools For Windows Free Download
129. Nsa Hack Tools Download
130. Hacker Tools For Pc
131. New Hack Tools
132. Pentest Tools Windows
133. Hackrf Tools
134. Hacking Tools For Windows
135. Pentest Tools Url Fuzzer
136. Pentest Tools Github
137. Game Hacking
138. Hak5 Tools
139. Blackhat Hacker Tools
140. Hacker Tools
141. Pentest Tools Linux
142. Top Pentest Tools
143. Pentest Tools Website
144. Hacking Tools Pc
145. Hacker Security Tools
146. Hacking Tools Kit
147. How To Make Hacking Tools
148. Hacking Tools Download
149. Hacker Tools Github
150. Hacking Tools Mac
151. Pentest Tools Linux
152. Hacking Tools Pc
153. Black Hat Hacker Tools
154. World No 1 Hacker Software
155. Hacking Tools Pc
156. Pentest Tools Url Fuzzer
157. Android Hack Tools Github
158. Hacker Tools Online
159. Pentest Tools Find Subdomains
160. Hack Tools For Ubuntu
161. Hack Apps